Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0211Externally Controlled Reference to a Resource in Another Sphere in Corporation Windows OLE

CWE-610Externally Controlled Reference to a Resource in Another Sphere7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
22.3%
top 4.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
17
Microsoft Corporation Windows OLEMicrosoft Windows 10Microsoft Windows Server 2012+14 more
Timeline
PublishedApr 12
Latest updateJan 1

Description

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages17 packages

NVDmicrosoft/windows_101511, 1607, 1703+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
Project0
Windows Bug Class: Accessing Trapped COM Objects with IDispatch - Project Zero2025-01-01
GHSA
GHSA-9vvv-8533-53p6: An elevation of privilege vulnerability exists in Windows 10, Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation2017-04-20

📋Vendor Advisories

1
Microsoft
Windows OLE Elevation of Privilege Vulnerability2017-04-11

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Talos
Microsoft Patch Tuesday - April 20172017-04-12