Vulnerability Details : CVE-2017-8702
Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".
Vulnerability category: Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2017-8702
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-8702
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
References for CVE-2017-8702
-
http://www.securitytracker.com/id/1039353
Windows Error Reporting File Handling Bug Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/100785
Microsoft Windows Error Reporting CVE-2017-8702 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702
CVE-2017-8702 | Windows Error Reporting Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Products affected by CVE-2017-8702
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*