CVE-2017-8566Improper Input Validation in Microsoft Windows 10

CWE-20Improper Input Validation4 documents4 sources
Severity
7.0HIGHNVD
EPSS
0.6%
top 31.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Windows 10Msrc Windows 10 Version 1607 FOR 32-bit SystemsMsrc Windows 10 Version 1607 FOR X64-based Systems+3 more
Timeline
PublishedJul 11
Latest updateMay 13

Description

Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages6 packages

NVDmicrosoft/windows_101607, 1703+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-phv5-9c42-cwvf: Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improper2022-05-13

📋Vendor Advisories

1
Microsoft
Windows IME Elevation of Privilege Vulnerability2017-07-11

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - July 20172017-07-11