CVE-2017-0039 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability."

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Windows Server 2008	All versions
Microsoft	Windows Vista	All versions

References

http://www.securityfocus.com/bid/96024Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038001
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039PatchVendor Advisory
http://www.securityfocus.com/bid/96024Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038001
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0039PatchVendor Advisory

FAQ

What is CVE-2017-0039?

CVE-2017-0039 is a vulnerability with a CVSS score of 7.8 (HIGH). Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validati...

How severe is CVE-2017-0039?

CVE-2017-0039 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-0039?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2008, Microsoft Windows Vista.