Home

CVE-2017-0103

Description

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka Windows Registry Elevation of Privilege Vulnerability.

Risk Information

Base Score
6.2
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
1.188

Associated Vulnerability

VulnerabilityOS Platform
Internet Explorer Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems -WannaCrypt Ransomware Worm (KB4012215)Windows
Internet Explorer Information Disclosure Vulnerability for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012215)Windows
Internet Explorer Information Disclosure Vulnerability for Windows 7 - WannaCrypt Ransomware Worm(KB4012215)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard for x64-based Systems (KB4012214)Windows
Windows Uniscribe Information Disclosure Vulnerability for Windows Embedded 8 Standard (KB4012214)Windows
Windows Elevation of Privilege Vulnerability for Windows Server 2008 for x64-based Systems (KB4011981)Windows
Windows Elevation of Privilege Vulnerability for Windows Server 2008 (KB4011981)Windows
Windows Elevation of Privilege Vulnerability for Windows Vista for x64-based Systems (KB4011981)Windows
Windows Elevation of Privilege Vulnerability for Windows Vista (KB4011981)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-22046March, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems -WannaCrypt Ransomware Worm (KB4012215)
PATCH-22045March, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012215)
PATCH-22044March, 2017 Security Monthly Quality Rollup for Windows 7 - WannaCrypt Ransomware Worm(KB4012215)
PATCH-22150March, 2017 Security Monthly Quality Rollup for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012217)
PATCH-22063March, 2017 Security Only Quality Update for Windows 7 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22062March, 2017 Security Only Quality Update for Windows 7 - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22064March, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems - WannaCrypt Ransomware Worm(KB4012212)
PATCH-22070March, 2017 Security Only Quality Update for Windows Server 2012 - WannaCrypt Ransomware Worm(KB4012214)
PATCH-22104Security Update for Windows Server 2008 for x64-based Systems (KB4011981)
PATCH-22102Security Update for Windows Server 2008 (KB4011981)
PATCH-22103Security Update for Windows Vista for x64-based Systems (KB4011981)
PATCH-22101Security Update for Windows Vista (KB4011981)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234