Elevation of Privilege Vulnerability in Microsoft Windows Server and 10
CVE-2017-11782

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Server Block Message (smb)
Vendor
CVE Published:
13 October 2017

Summary

This vulnerability exists in the Microsoft Server Message Block (SMB) protocol on specific versions of Microsoft Windows. An attacker could exploit this vulnerability by sending specially crafted requests to the SMB server. Successful exploitation could allow the attacker to gain elevated privileges on the affected system, potentially allowing them to execute arbitrary code with system-level permissions, thus compromising the integrity and confidentiality of the system.

Affected Version(s)

Server Block Message (SMB) Microsoft Windows 10 1607 and Windows Server 2016

References

http://www.securitytracker.com/id/1039528
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/101143
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.