← Zuruck zu CVEs
CVE-2017-0213
HIGHCISA KEV7.3
Beschreibung
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
CVE Details
CVSS v3.1 Bewertung7.3
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht5/12/2017
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktWindows
SchwachstellennameMicrosoft Windows Privilege Escalation Vulnerability
KEV Aufnahmedatum2022-03-28
Behebungsfrist2022-04-18
Ransomware-NutzungKnown
Betroffene Produkte
microsoft:windows_10_1507microsoft:windows_10_1511microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016
Referenzen
http://www.securityfocus.com/bid/98102(secure@microsoft.com)
http://www.securitytracker.com/id/1038457(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213(secure@microsoft.com)
https://www.exploit-db.com/exploits/42020/(secure@microsoft.com)
http://www.securityfocus.com/bid/98102(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038457(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42020/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0213(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.