Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11783 — Corporation Windows vulnerability

5 documents5 sources

Severity

7.0HIGHNVD

EPSS

3.6%

top 12.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Microsoft Windows Server 2012 +13 more

Timeline

PublishedOct 13

Latest updateMay 13

Description

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages16 packages

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶CVEListV5microsoft_corporation/windowsMicrosoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-wq5g-v6jv-g4cg: Microsoft Windows 8↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation↗2018-02-20

▶

📋Vendor Advisories

Microsoft

Windows ALPC Elevation of Privilege Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶