CVE-2017-0109 | Date: (C)2017-03-23 (M)2024-03-06 |
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.6 | CVSS Score : 7.4 |
Exploit Score: 1.0 | Exploit Score: 4.4 |
Impact Score: 6.0 | Impact Score: 10.0 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: ADJACENT_NETWORK | Access Vector: ADJACENT_NETWORK |
Attack Complexity: HIGH | Access Complexity: MEDIUM |
Privileges Required: HIGH | Authentication: SINGLE |
User Interaction: NONE | Confidentiality: COMPLETE |
Scope: CHANGED | Integrity: COMPLETE |
Confidentiality: HIGH | Availability: COMPLETE |
Integrity: HIGH | |
Availability: HIGH | |
| |