CVE-2017-8566

Опубликовано: 11 июл. 2017

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".

Ссылки

http://www.securityfocus.com/bid/99404
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038853
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99404
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038853
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00554

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-8566

CVSS3: 7

msrc

почти 8 лет назад

Windows IME Elevation of Privilege Vulnerability

GHSA-phv5-9c42-cwvf

CVSS3: 7

github

около 3 лет назад

EPSS

Процентиль: 67%

0.00554

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20