{ "id": "CVE-2017-8465", "sourceIdentifier": "secure@microsoft.com", "published": "2017-06-15T01:29:02.757", "lastModified": "2019-10-03T00:03:26.223", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-8468." }, { "lang": "es", "value": "Microsoft Windows versi\u00f3n 8.1 y Windows RT versi\u00f3n 8.1, Windows Server 2012 R2, Windows 10 versiones Gold, 1511, 1607 y Windows Server 2016, permiten a un atacante ejecutar procesos en un contexto elevado cuando el kernel de Windows maneja inapropiadamente objetos en la memoria, tambi\u00e9n se conoce como \"Win32k Elevation of Privilege Vulnerability\". El ID de este CVE es diferente de CVE-2017-8468." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-281" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*", "matchCriteriaId": "A53518A3-04E9-4997-97AD-551DB05EA3BE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/98843", "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465", "source": "secure@microsoft.com", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ] } ] }