CVE-2017-0298
published 2017-06-15CVE-2017-0298: A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1…
PriorityP337high7.3CVSS 3.0
AVLACLPRLUIRSUCHIHAH
EPSS
1.90%
77.1th percentile
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_8.1 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_com | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.07.3HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc6.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7f6r-783g-6vgx: A DCOM object in Helppane
ghsa_unreviewed·2022-05-13
CVE-2017-0298 [HIGH] GHSA-7f6r-783g-6vgx: A DCOM object in Helppane
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."
Microsoft
Windows COM Session Elevation of Privilege Vulnerability
vendor_msrc·2017-06-13·CVSS 6.6
CVE-2017-0298 [HIGH] Windows COM Session Elevation of Privilege Vulnerability
Windows COM Session Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability after another user logged on to the same system via Terminal Services or Fast User Switching.
The update addresses the vulnerability by correcting how Helppane.exe authenticates the client.
Windows COM: Windows COM
Impact: Information Disclosure
Exploit Status: Publicly
No detection rules found.
No public exploits indexed.
2017-06-15
Published