CVE Vulnerabilities

CVE-2017-0211

Externally Controlled Reference to a Resource in Another Sphere

Published: Apr 12, 2017 | Modified: Oct 03, 2019
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka Windows OLE Elevation of Privilege Vulnerability.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Windows_rt_8.1 Microsoft * *
Windows_server_2012 Microsoft r2 r2
Windows_server_2016 Microsoft * *
Windows_10 Microsoft 1511 1511
Windows_10 Microsoft 1607 1607
Windows_8.1 Microsoft * *
Windows_server_2012 Microsoft * *
Windows_10 Microsoft * *
Windows_10 Microsoft 1703 1703

References