Main Vulnerability Database Vulnerabilities #VU6448

#VU6448 Privilege escalation in Windows and Windows Server - CVE-2017-0077

Published: May 9, 2017

Vulnerability identifier: #VU6448

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-0077

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper handling of objects in memory by the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys). A local attacker can run a specially crafted application, trigger memory corruption, gain root privileges and take control over the affected system.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0077

#VU6448 Privilege escalation in Windows and Windows Server - CVE-2017-0077

Description

Remediation

External links

Please verify you're human