CVE-2017-0103

HIGH

Microsoft Windows Privilege Escalation via Registry Object Mishandling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0103. PoCs published by Google Security Research.

AI-analyzed exploit summary The provided text describes a Windows kernel vulnerability (CVE-2017-0103) involving crashes in nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages when loading corrupted registry hive files. It includes crash logs and reproduction details but lacks actual exploit code.

Description

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/41645

The provided text describes a Windows kernel vulnerability (CVE-2017-0103) involving crashes in nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages when loading corrupted registry hive files. It includes crash logs and reproduction details but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: Microsoft Windows 7 (32-bit and 64-bit)
No auth needed
Prerequisites: Corrupted registry hive files · Ability to call RegLoadAppKey() API · Sequential loading of multiple corrupted hives
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41645/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038013
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96623

Scores

CVSS v3 7.0
EPSS 0.0294
EPSS Percentile 85.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (6)
microsoft/windows_7
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_vista
Microsoft Corporation/Windows Registry The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, an
Published Mar 17, 2017
Tracked Since Feb 18, 2026