CVE-2017-11823

MEDIUM

Microsoft Windows <10.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11823. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit bypasses Windows Lockdown Policy (WLDP) by leveraging a race condition in MSHTML's handling of COM TreatAs keys, allowing arbitrary code execution on systems with UMCI enabled. The PoC involves registry modification and an HTML file to instantiate an unapproved COM class.

Description

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/42997

View Code ZIP pw:eip

This exploit bypasses Windows Lockdown Policy (WLDP) by leveraging a race condition in MSHTML's handling of COM TreatAs keys, allowing arbitrary code execution on systems with UMCI enabled. The PoC involves registry modification and an HTML file to instantiate an unapproved COM class.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 10 S (or any system with UMCI enabled)

No auth needed

Prerequisites: Registry modification access · Execution in Local Machine Zone (e.g., via HTML Help or IE)

MITRE ATT&CK

T1112 - Modify Registry T1218 - System Binary Proxy Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039526

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42997/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101102

Scores

CVSS v3 6.7

EPSS 0.0256

EPSS Percentile 83.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (6)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_server_2016

Microsoft Corporation/Device Guard Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Published Oct 13, 2017

Tracked Since Feb 18, 2026