CVE-2017-8552

Published: Jun 15, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263.

Affected (3)

Products: Microsoft: Windows 7, Windows Server 2008

2 products

Windows Server 2008

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8552

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8552

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.