Improper Preservation of Permissions
CVE-2017-8494
Summary
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability".
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- LOW
- HIGH
- HIGH
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
References
Advisory Timeline
- Published