← back
CVE-2017-0103

CVE-2017-0103

EPSS 2.9%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 2.9%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
17 Mar 2017Published on NVD
20 Mar 2017Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."
Affected products
Microsoft Corporation · Windows Registry
public PoCs found2
cve_referencewww.exploit-db.com/exploits/41645/unverifiedexploitdbwww.exploit-db.com/exploits/41645unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0103https://www.exploit-db.com/exploits/41645/http://www.securityfocus.com/bid/96623http://www.securitytracker.com/id/1038013