CVE-2017-0191
published 2017-04-12CVE-2017-0191: A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012…
PriorityP427medium5.8CVSS 3.0
AVNACHPRHUINSCCNINAH
EPSS
4.73%
90.7th percentile
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.05.8MEDIUMCVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
vendor_msrc5.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows IPSec Denial of Service Vulnerability
vendor_msrc·2017-04-11·CVSS 5.8
CVE-2017-0191 [MEDIUM] Windows IPSec Denial of Service Vulnerability
Windows IPSec Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources.
The security update addresses the vulnerability by correcting how Windows handles objects in memory.
Microsoft Windows: Microsoft Windows
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:Permanent
R
GHSA
GHSA-jrcj-g9x9-2xh9: A denial of service vulnerability exists in the way that Windows 7, Windows 8
ghsa_unreviewed·2022-05-13
CVE-2017-0191 [MEDIUM] GHSA-jrcj-g9x9-2xh9: A denial of service vulnerability exists in the way that Windows 7, Windows 8
A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/97466http://www.securitytracker.com/id/1038239https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0191http://www.securityfocus.com/bid/97466http://www.securitytracker.com/id/1038239https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0191
2017-04-12
Published