Privilege escalation in Windows IME

Published: 2017-07-11 22:24:10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVSSv2 5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 7.3 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-8566
CWE ID CWE-20
Exploitation vector Local
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows Server 2016
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Improper input validation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class. A local user can execute arbitrary code on the target system with elevated privileges.

Note: The attacker can instantiate the DCOM class and exploit the system even if IME is not enabled.


Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8566

Back to List