4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
81.5%
CVE-2017-0213 Windows COM elevation of privilege vulnerability components take a look at this vulnerability:
<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213>
Windows COM Aggregate Marshaler in the realization of the presence of Privilege escalation vulnerability allows a remote attacker to elevate privileges to execute arbitrary code.
Vernacular: in package a COM component can provide the right
Microsoftâs official said:
Elevation of privileges exists in the Windows COM package. An attacker successfully exploited the vulnerability could run arbitrary code with higher privileges. In order to exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability itself does not allow arbitrary code to run. However, the vulnerability may be associated with one or more vulnerabilities such as remote code execution vulnerabilities and the another privilege level, used together, can be in the running with elevated privileges.
The affected versions are as follows:
| | | |
â|â|â|â
Product | Version | Update | Tested
Windows 10 | | | â
Windows 10 | 1511 | |
Windows 10 | 1607 | |
Windows 10 | 1703 | | â
Windows 7 | | SP1 | â
Windows 8.1 | | |
Windows RT 8.1 | | |
Windows Server 2008 | | SP2 |
Windows Server 2008 | R2 | SP1 |
Windows Server 2012 | | |
Windows Server 2012 | R2 | |
Windows Server 2016 | | |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
81.5%