⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-18.
CVE-2017-0213 — Corporation Windows COM vulnerability
22 documents17 sources
Severity
7.3HIGHNVD
NVD7.0
EPSS
92.7%
top 0.25%
CISA KEV
KEVRansomware
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMay 12
KEV addedMar 28
KEV dueApr 18
Latest updateFeb 12
CISA Required Action: Apply updates per vendor instructions.
Description
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9
Affected Packages15 packages
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation↗2017-05-17
📋Vendor Advisories
2🕵️Threat Intelligence
13📄Research Papers
1arXiv▶
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures↗2025-02-12