CVE-2017-8465
Published Jun 15, 2017
Last updated 5 years ago
Overview
- Description
- Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-281
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A53518A3-04E9-4997-97AD-551DB05EA3BE"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
}
],
"operator": "OR"
}
]
}
]