CVE-2017-0213

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.securityfocus.com/bid/98102 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038457 Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213 Patch Vendor Advisory
https://www.exploit-db.com/exploits/42020/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
History

09 Jul 2024, 18:24

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/98102 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/98102 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1038457 - () http://www.securitytracker.com/id/1038457 - Broken Link, Third Party Advisory, VDB Entry
References () https://www.exploit-db.com/exploits/42020/ - () https://www.exploit-db.com/exploits/42020/ - Exploit, Third Party Advisory, VDB Entry
First Time Microsoft windows 10 1511
Microsoft windows 10 1703
Microsoft windows 10 1507
Microsoft windows 10 1607
CVSS v2 : 1.9
v3 : 4.7 		v2 : 1.9
v3 : 7.3
CPE cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*		 cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Information

Published : 2017-05-12 14:29

Updated : 2024-07-09 18:24

NVD link : CVE-2017-0213

Mitre link : CVE-2017-0213

CVE.ORG link : CVE-2017-0213

JSON object : View

Products Affected

microsoft

  • windows_10_1507
  • windows_10_1703
  • windows_8.1
  • windows_10_1607
  • windows_7
  • windows_10_1511
  • windows_server_2012
  • windows_server_2016
  • windows_server_2008
  • windows_rt_8.1
CWE
NVD-CWE-noinfo