Windows COM Session Elevation of Privilege Vulnerability - CVE-2017-0298ID: oval:org.secpod.oval:def:40902 | Date: (C)2017-06-14 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.To exploit the vulnerability, an attacker would first
have to log on to the system. An attacker could then run a specially crafted
application that could exploit the vulnerability after another user logged on to
the same system via Terminal Services or Fast User Switching.
The update addresses the vulnerability by correcting how Helppane.exe authenticates the client.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |