Main Vulnerability Database SB20170314140

SB20170314140 - Windows HelpPane Elevation of Privilege Vulnerability

Published: March 14, 2017

Security Bulletin ID SB20170314140

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Privilege escalation (CVE-ID: CVE-2017-0100)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local user to elevate privileges.

The vulnerability exists due to failure to properly authenticate a client in when a DCOM object in Helppane.exe configured to run as the interactive user. A local user can execute specially crafted application and gain elevated privileges once another user is logged in to the same system via Terminal Services or Fast User Switching.

Successful exploitation of this vulnerability may allow an attacker to escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0100