CVE-2017-8716

{"id": "CVE-2017-8716", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2017-09-13T01:29:10.990", "references": [{"url": "http://www.securityfocus.com/bid/100802", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1039325", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8716", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/100802", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039325", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8716", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka \"Windows Security Feature Bypass Vulnerability\"."}, {"lang": "es", "value": "Control Flow Guard de Windows en Microsoft Windows 10 1703 permite a un atacante ejecutar una aplicaci\u00f3n especialmente manipulada para omitir el mecanismo de seguridad de Control Flow Guard por la manera en la que Control Flow Guard maneja los objetos en la memoria. Esta condici\u00f3n tambi\u00e9n se conoce como \"Windows Security Feature Bypass Vulnerability\"."}], "lastModified": "2024-11-21T03:34:33.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}