CVE-2017-0295

Опубликовано: 15 июн. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".

Ссылки

http://www.securityfocus.com/bid/98904
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038674
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0295
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98904
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038674
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0295
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00529

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-0295

CVSS3: 4.8

msrc

около 8 лет назад

Windows Default Folder Tampering Vulnerability

GHSA-mxrv-wg7h-r74h