CVE-2017-0210
published 2017-04-12CVE-2017-0210: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access…
PriorityP179high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-14
Exploited in the wild
EPSS
19.52%
97.0th percentile
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft_corporation | internet_explorer | — | — |
| msrc | internet_explorer_10_on_windows_server_2012 | — | — |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_8.1_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_rt_8.1 | — | — |
| msrc | internet_explorer_11_on_windows_server_2008_r2_for_x64-based_systems_service_pac | — | — |
| msrc | internet_explorer_11_on_windows_server_2012_r2 | — | — |
| msrc | internet_explorer_11_on_windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation is confirmed in the wild (both latest and older software releases); monitor for Internet Explorer processes spawning child processes or executing code at medium integrity level after starting at low integrity level, which may indicate chained exploitation of this EoP. ↗
- →The vulnerability enables elevation from low integrity level to medium integrity level within Internet Explorer; detect unexpected integrity-level changes in iexplore.exe child processes. ↗
- →Attack vector is web-based; monitor for Internet Explorer navigating to attacker-controlled or compromised websites hosting specially crafted content that attempts cross-domain policy bypass. ↗
- →This EoP is commonly chained with a remote code execution vulnerability; investigate any RCE indicators in Internet Explorer alongside this CVE, as the combination allows arbitrary code at medium integrity. ↗
- ·The vulnerability resides in Internet Explorer's cross-domain policy enforcement; no specific configuration is required by the attacker beyond convincing a user to visit a malicious or compromised website — social engineering (e.g., malicious link) is the required delivery mechanism. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck8.8HIGH
cisa8.8HIGH
vendor_msrc3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qqqw-2g82-cc5x: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker t
ghsa_unreviewed·2022-05-13
CVE-2017-0210 [MEDIUM] GHSA-qqqw-2g82-cc5x: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker t
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
VulnCheck
Microsoft Internet Explorer Privilege Escalation Vulnerability
vulncheck·2017·CVSS 8.8
CVE-2017-0210 [HIGH] Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2017-Apr; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-14
CISA
Microsoft Internet Explorer Privilege Escalation Vulnerability
cisa·2022-05-24·CVSS 8.8
CVE-2017-0210 [HIGH] Microsoft Internet Explorer Privilege Escalation Vulnerability
Vulnerability: Microsoft Internet Explorer Privilege Escalation Vulnerability
Affected: Microsoft Internet Explorer
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0210
Remediation Due Date: 2022-06-14
Microsoft
Internet Explorer Elevation of Privilege Vulnerability
vendor_msrc·2017-04-11·CVSS 3.5
CVE-2017-0210 [HIGH] Internet Explorer Elevation of Privilege Vulnerability
Internet Explorer Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.
In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
## Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
## Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of security features when document loading is done via Outlook attachments for certain crafted emails. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Manage
Talos
Microsoft Patch Tuesday - April 2017
blogs_talos·2017-04-12·CVSS 7.8
CVE-2017-0106 [HIGH] Microsoft Patch Tuesday - April 2017
It’s that time again! Today we bring you April’s Microsoft Patch Tuesday information. These fixed vulnerabilities affect Outlook, Edge, Internet Explorer, Hyper-V, .NET, and Scripting Engine.
### Bulletins Rated Critical
CVE-2017-0106 outlines a vulnerability in Microsoft Word. It permits the bypass of
security features when document loading is done via Outlook attachments for
certain crafted emails. Successful exploitation of this issue may grant an
attacker remote code execution.
CVE-2017-0158 details a vulnerability caused by certain malicious HTML files with VBScript content. Successful exploitation of this issue may grant an attacker remote code execution.
CVE-2017-0160 outlines a compromised WMI server accessed over DCOM using System.Management classes or the Powershell Get-WmiOb
Zscaler
Zscaler protects against 16 new vulnerabilities for MS
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 16 new vulnerabilities for MS
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/97512http://www.securitytracker.com/id/1038238https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210http://www.securityfocus.com/bid/97512http://www.securitytracker.com/id/1038238https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0210https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0210
2017-04-12
Published
2022-05-24
Added to CISA KEV
Exploited in the wild