cbcvebase.
CVE-2017-0050
published 2017-03-17

CVE-2017-0050: The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1…

PriorityP337high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
1.47%
70.5th percentile
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

Affected

18 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_server_2008
microsoftwindows_server_2012
microsoft_corporationwindows_kernel
msrcwindows_10
msrcwindows_10_version_1511
msrcwindows_10_version_1607
msrcwindows_7
msrcwindows_8.1
msrcwindows_rt_8.1
msrcwindows_server_2008
msrcwindows_server_2008_r2
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016
msrcwindows_vista_service_pack_2
msrcwindows_vista_x64_edition_service_pack_2

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc7.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.