Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-0166: LDAP Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-0166: LDAP Elevation of Privilege Vulnerability

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
04/11/2017
Created
07/25/2018
Added
04/11/2017
Modified
09/11/2024

Description

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."

Solution(s)

  • microsoft-windows-windows_10-1507-kb4015221
  • microsoft-windows-windows_10-1511-kb4015219
  • microsoft-windows-windows_10-1607-kb4015217
  • microsoft-windows-windows_10-1703-kb4015583
  • microsoft-windows-windows_server_2012-kb4015548
  • microsoft-windows-windows_server_2012_r2-kb4015547
  • microsoft-windows-windows_server_2016-1607-kb4015217
  • msft-kb4015068-04b33d9b-804a-4a68-a1df-d591204603f2
  • msft-kb4015068-7531ccd9-3338-4608-a381-083715238017
  • msft-kb4015068-cf049544-5182-4533-bee3-d1e741be5b6f
  • msft-kb4015068-dc508d94-e015-4010-b668-fd66aa199201
  • msft-kb4015546-592c9a40-6bdc-4122-8496-0b4295cf7a86
  • msft-kb4015546-61107fd4-8fba-4639-9c3a-d70a69936b4e
  • msft-kb4015546-7026cec0-32bf-4488-b45a-838aa929c109
  • msft-kb4015546-c77661d2-7566-4f86-943c-264545419691
  • msft-kb4015546-cc8006a9-8438-45aa-a20d-cceef511098d
  • msft-kb4015546-e2e88e16-fd32-4c2e-8848-69817601c17b
  • msft-kb4015547-e0e5d08f-8c2b-4dcf-a8c9-36eb7c174896
  • msft-kb4015547-eb001e30-98fe-4874-a0c9-436635649fdd
  • msft-kb4015548-72db1a7d-338c-4903-9869-9fd8258b643a
  • msft-kb4015548-d1986d38-72dd-4e1a-877e-70a3f77f7802

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;