VYPR
← All advisories
High severity8.1NVD Advisory· Published Apr 12, 2017· Updated May 13, 2026

CVE-2017-0166

CVE-2017-0166

Description

An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."

Affected products

15
  • Microsoft/Windows 104 versions
    cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • Microsoft/Windows 72 versions
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • Microsoft/Windows 8.1
    cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • Microsoft/Windows Rt 8.1
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • Microsoft/Windows Server 20082 versions
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • Microsoft/Windows Server 20122 versions
    cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • Microsoft/Windows Server 2016
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • Microsoft/Windows Vista
    cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
  • Microsoft Corporation/LDAPv5
    Range: Windows

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.