8.8

CVE-2017-8625

Exploit
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version11
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1511
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 15.26% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

http://www.securityfocus.com/bid/100063
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039112
Third Party Advisory
VDB Entry
https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625
Patch
Vendor Advisory
https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442
Third Party Advisory
Exploit