Elevation of Privilege Vulnerability in Microsoft Windows Products
CVE-2017-8675

7HIGH

Key Information:

Vendor
Microsoft
Status
Windows Kernel-mode Drivers
Vendor
CVE Published:
13 September 2017

Summary

The Windows Kernel-Mode Drivers component in several versions of Microsoft Windows has a vulnerability that allows an attacker to elevate privileges when the Win32k component fails to manage memory objects appropriately. This issue affects multiple versions of Windows, including server platforms and consumer editions, potentially leading to unauthorized access and control over system functionalities.

Affected Version(s)

Windows Kernel-Mode Drivers Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100752
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039325
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.