CVE-2017-0263

CVE Database · CVE-2017-0263

CVE-2017-0263

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

10.03%

Published

May 12, 2017

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-02-10 · Due: 2022-08-10

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMicrosoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation TrickestTrickest PoC index GitHub PoCR06otMD5/cve-2017-0263-poc★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (12)

microsoft · windows_10_1507vulnerable

microsoft · windows_10_1511vulnerable

microsoft · windows_10_1607vulnerable

microsoft · windows_10_1703vulnerable

microsoft · windows_7vulnerable

microsoft · windows_8.1vulnerable

microsoft · windows_rt_8.1vulnerable