CVE-2017-8465

HIGH

Microsoft Windows - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8465. PoCs published by nghiadt1098.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2017-8465, a Windows kernel vulnerability in the win32k.sys driver. The exploit leverages cursor object manipulation to achieve arbitrary kernel memory read/write, leading to local privilege escalation.

Description

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.

Exploits (1)

nomisec WORKING POC
by nghiadt1098 · poc
https://github.com/nghiadt1098/CVE-2017-8465

This is a proof-of-concept exploit for CVE-2017-8465, a Windows kernel vulnerability in the win32k.sys driver. The exploit leverages cursor object manipulation to achieve arbitrary kernel memory read/write, leading to local privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Microsoft Windows (win32k.sys)
No auth needed
Prerequisites: Windows system vulnerable to CVE-2017-8465
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98843

Scores

CVSS v3 7.8
EPSS 0.0699
EPSS Percentile 91.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-281
Status published
Products (8)
microsoft/windows_10 1511
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_8.1
microsoft/windows_8.1 rt
microsoft/windows_server_2012 r2
microsoft/windows_server_2016
Microsoft Corporation/Microsoft Windows Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1
Published Jun 15, 2017
Tracked Since Feb 18, 2026