CVE-2017-8624

Опубликовано: 08 авг. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

Ссылки

http://www.securityfocus.com/bid/100061
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039106
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100061
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039106
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01092

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-8624

CVSS3: 8.8

msrc

около 8 лет назад

Windows Common Log File System Driver Elevation of Privilege Vulnerability

GHSA-cm6q-2v53-x62r