cbcvebase.
CVE-2017-0210
published 2017-04-12

CVE-2017-0210: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access…

PriorityP179high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-14
Exploited in the wild
EPSS
19.52%
97.0th percentile
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."

Affected

20 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoft_corporationinternet_explorer
msrcinternet_explorer_10_on_windows_server_2012
msrcinternet_explorer_11_on_windows_10_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1511_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1607_for_x64-based_systems
msrcinternet_explorer_11_on_windows_10_version_1703_for_32-bit_systems
msrcinternet_explorer_11_on_windows_10_version_1703_for_x64-based_systems
msrcinternet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1
msrcinternet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1
msrcinternet_explorer_11_on_windows_8.1_for_32-bit_systems
msrcinternet_explorer_11_on_windows_8.1_for_x64-based_systems
msrcinternet_explorer_11_on_windows_rt_8.1
msrcinternet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac
msrcinternet_explorer_11_on_windows_server_2012_r2
msrcinternet_explorer_11_on_windows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation is confirmed in the wild (both latest and older software releases); monitor for Internet Explorer processes spawning child processes or executing code at medium integrity level after starting at low integrity level, which may indicate chained exploitation of this EoP.
  • The vulnerability enables elevation from low integrity level to medium integrity level within Internet Explorer; detect unexpected integrity-level changes in iexplore.exe child processes.
  • Attack vector is web-based; monitor for Internet Explorer navigating to attacker-controlled or compromised websites hosting specially crafted content that attempts cross-domain policy bypass.
  • This EoP is commonly chained with a remote code execution vulnerability; investigate any RCE indicators in Internet Explorer alongside this CVE, as the combination allows arbitrary code at medium integrity.
  • ·The vulnerability resides in Internet Explorer's cross-domain policy enforcement; no specific configuration is required by the attacker beyond convincing a user to visit a malicious or compromised website — social engineering (e.g., malicious link) is the required delivery mechanism.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck8.8HIGH
cisa8.8HIGH
vendor_msrc3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.