Details of VAR-201712-0416

ID

VAR-201712-0416

CVE

CVE-2017-5717

TITLE

Intel Vulnerability related to illegal type conversion in graphics driver

Trust: 0.8

sources: JVNDB: JVNDB-2017-011321

DESCRIPTION

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. Intel is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with elevated privileges. Intel Graphics Driver is an integrated graphics driver developed by Intel Corporation. Content Protection HECI Service is one of the content protection services. The following versions are affected: Intel Graphics Driver version 15.49, version 15.47, version 15.46, version 15.45, version 15.40, version 15.36, version 15.33

Trust: 1.98

sources: NVD: CVE-2017-5717 // JVNDB: JVNDB-2017-011321 // BID: 102221 // VULHUB: VHN-113920

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.49	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.47	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.46	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33	Trust: 1.9
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8

sources: BID: 102221 // JVNDB: JVNDB-2017-011321 // CNNVD: CNNVD-201712-405 // NVD: CVE-2017-5717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5717
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5717
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201712-405
value:	HIGH
Trust: 0.6
VULHUB:	VHN-113920
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5717
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-113920
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5717
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-113920 // JVNDB: JVNDB-2017-011321 // CNNVD: CNNVD-201712-405 // NVD: CVE-2017-5717

PROBLEMTYPE DATA

problemtype:

CWE-704

Trust: 1.9

sources: VULHUB: VHN-113920 // JVNDB: JVNDB-2017-011321 // NVD: CVE-2017-5717

THREAT TYPE

local

Trust: 0.9

sources: BID: 102221 // CNNVD: CNNVD-201712-405

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011321

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-113920

PATCH

title:	INTEL-SA-00095	url:	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr	Trust: 0.8
title:	Intel Graphics Driver Content Protection HECI Service Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77115	Trust: 0.6

sources: JVNDB: JVNDB-2017-011321 // CNNVD: CNNVD-201712-405

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5717	Trust: 2.8
db:	EXPLOIT-DB	id:	43373	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-011321	Trust: 0.8
db:	CNNVD	id:	CNNVD-201712-405	Trust: 0.7
db:	BID	id:	102221	Trust: 0.4
db:	PACKETSTORM	id:	145488	Trust: 0.1
db:	VULHUB	id:	VHN-113920	Trust: 0.1

sources: VULHUB: VHN-113920 // BID: 102221 // JVNDB: JVNDB-2017-011321 // CNNVD: CNNVD-201712-405 // NVD: CVE-2017-5717

REFERENCES

url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00095&languageid=en-fr	Trust: 1.9
url:	https://www.exploit-db.com/exploits/43373/	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5717	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5717	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1358&can=1&q=&sort=-modified%20-id&colspec=id%20status%20owner%20summary%20modified%20cve	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00095&languageid=en-fr	Trust: 0.1

sources: VULHUB: VHN-113920 // BID: 102221 // JVNDB: JVNDB-2017-011321 // CNNVD: CNNVD-201712-405 // NVD: CVE-2017-5717

CREDITS

James Forshaw of Google??s Project Zero.

Trust: 0.3

sources: BID: 102221

SOURCES

db:	VULHUB	id:	VHN-113920
db:	BID	id:	102221
db:	JVNDB	id:	JVNDB-2017-011321
db:	CNNVD	id:	CNNVD-201712-405
db:	NVD	id:	CVE-2017-5717

LAST UPDATE DATE

2024-11-23T22:22:20.559000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-113920	date:	2017-12-27T00:00:00
db:	BID	id:	102221	date:	2017-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-011321	date:	2018-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201712-405	date:	2017-12-13T00:00:00
db:	NVD	id:	CVE-2017-5717	date:	2024-11-21T03:28:17.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-113920	date:	2017-12-12T00:00:00
db:	BID	id:	102221	date:	2017-12-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-011321	date:	2018-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201712-405	date:	2017-12-13T00:00:00
db:	NVD	id:	CVE-2017-5717	date:	2017-12-12T20:29:00.287