CVE-2017-0165

HIGH

Microsoft Windows - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0165. PoCs published by Google Security Research.

AI-analyzed exploit summary The provided C# code demonstrates an elevation of privilege (EoP) vulnerability in Windows 10 (10586) via the IEETWCollector service. It exploits a symbolic link attack to delete arbitrary directories as LocalSystem during ETW session cleanup.

Description

An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · localwindows

https://www.exploit-db.com/exploits/41901

View Code ZIP pw:eip

The provided C# code demonstrates an elevation of privilege (EoP) vulnerability in Windows 10 (10586) via the IEETWCollector service. It exploits a symbolic link attack to delete arbitrary directories as LocalSystem during ETW session cleanup.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 10586 (IEETWCollector service)

Auth required

Prerequisites: Local user access · Ability to create symbolic links · Target directory must be empty

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41901/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038239

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97467

Scores

CVSS v3 7.8

EPSS 0.0334

EPSS Percentile 87.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (6)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012 r2

Microsoft Corporation/Windows Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

Published Apr 12, 2017

Tracked Since Feb 18, 2026