Vulnerability Details : CVE-2017-0213
Used for ransomware!
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
Vulnerability category: Gain privilege
Products affected by CVE-2017-0213
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
CVE-2017-0213 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Windows Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2017-0213
Added on
2022-03-28
Action due date
2022-04-18
Exploit prediction scoring system (EPSS) score for CVE-2017-0213
86.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0213
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
3.4
|
2.9
|
NIST | |
4.7
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.0
|
3.6
|
NIST | |
7.3
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.3
|
5.9
|
NIST | 2024-07-09 |
References for CVE-2017-0213
-
http://www.securityfocus.com/bid/98102
Microsoft Windows COM CVE-2017-0213 Local Privilege Escalation VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/42020/
Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038457
Windows COM Aggregate Marshaler Lets Local Users Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213
CVE-2017-0213 | Windows COM Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to