CVE-2017-11782 — Improper Input Validation in Corporation Server Block Message

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Server Block Message Microsoft Windows 10 Msrc Windows 10 Version 1607 FOR 32-bit Systems +2 more

Timeline

PublishedOct 13

Latest updateMay 13

Description

The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/server_block_messageMicrosoft Windows 10 1607 and Windows Server 2016

▶NVDmicrosoft/windows_101607

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mpc8-f6h2-689c: The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows SMB Elevation of Privilege Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶