CVE-2017-0055 — Cross-site Scripting in Corporation IIS Server

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

1.4%

top 19.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation IIS Server Microsoft Windows 10 Microsoft Windows Server 2008 +14 more

Timeline

PublishedMar 17

Latest updateMay 17

Description

Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages16 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pw85-hhgc-r9w6: Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8↗2022-05-17

▶

💥Exploits & PoCs

Nuclei

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

▶

📋Vendor Advisories

Microsoft

Microsoft IIS Server XSS Elevation of Privilege Vulnerability↗2017-03-14

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 03-14-2017↗

▶