Vulnerability Details : CVE-2017-0191
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
Vulnerability category: Denial of service
Products affected by CVE-2017-0191
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0191
2.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0191
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
6.8
|
2.9
|
NIST | |
5.8
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H |
1.3
|
4.0
|
NIST |
References for CVE-2017-0191
-
http://www.securitytracker.com/id/1038239
Windows Kernel Bugs Let Remote Authenticated Users Deny Service and Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges - SecurityTracker
-
http://www.securityfocus.com/bid/97466
Microsoft Windows CVE-2017-0191 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0191
CVE-2017-0191 - Security Update Guide - Microsoft - Windows IPSec Denial of Service VulnerabilityPatch;Vendor Advisory
Jump to