CVE-2017-0100

HIGH

Microsoft Windows 10 - Authentication Bypass

Title source: rule

Description

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."

Exploits (2)

nomisec WORKING POC 10 stars
by cssxn · poc
https://github.com/cssxn/CVE-2017-0100
exploitdb WORKING POC VERIFIED
by Google Security Research · localwindows
https://www.exploit-db.com/exploits/41607

References (6)

Scores

CVSS v3 7.8
EPSS 0.3468
EPSS Percentile 97.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-287
Status draft

Affected Products (9)

microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2016

Timeline

Published Mar 17, 2017
Tracked Since Feb 18, 2026