ID CVE-2017-8580
Summary Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-281
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 99421
confirm https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8580
sectrack 1038853
Last major update 03-10-2019 - 00:03
Published 11-07-2017 - 21:29
Last modified 03-10-2019 - 00:03
Back to Top