CVE-2017-8579
Published: 2017-06-29
Priority P432 · high · 7 · CVSS 3.0
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.16% (63.2th percentile)
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft_corporation | microsoft_windows | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
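| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.0 | HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.0 | HIGH | — |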
GHSA
GHSA-m26g-pfvj-g9mg: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code i
ghsa_unreviewed·2022-05-13
CVE-2017-8579 [HIGH] CWE-281 GHSA-m26g-pfvj-g9mg: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code i
Microsoft
DirectX Elevation of Privilege Vulnerability
vendor_msrc·2017-06-13·CVSS 7.0
CVE-2017-8579 [HIGH] DirectX Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses the vulnerability by correcting how DirectX handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Elevation of Privilege
Exploit Status: Publi
No detection rules found.
No public exploits indexed.
Unit42
Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
blogs_unit42·2018-03-05·CVSS 7.0
CVE-2017-8579 [HIGH] Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
## Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency
Authors: Brandon Levene, Josh Grunzweig
Published: March 5, 2018
Tags: Cybercrime, Malware, Threat Research, ComboJack, Cryptocurrency, Cryptoshuffler, CVE-2017-8579
Summary
Unit 42 researchers have discovered a new currency stealer which targets cryptocurrencies and online wallets. "CryptoJack" functions by replacing clipboard addresses with an attacker-controlled address which sends funds into the attacker's wallet. This technique relies on victims not checking the destination wallet prior to finalizing a transaction. In 2017, CryptoShuffler was the first malware to utilize this tactic. In contrast to that one, which focused on numerous cryptocurrencies, ComboJack targets both a range of cryptocurrencies, as well as digital currencies such as WebMoney and Yandex Money.
Details
Early on the morning of February 25, 2018, Unit 42 and Proofpoint researchers observed an interesting malspam campaign targeting Japanese and American users. This particula