Published: 12/12/2017 Updated: 27/12/2017

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
intel graphics driver 15.46
intel graphics driver 15.45
intel graphics driver 15.40
intel graphics driver 15.36
intel graphics driver 15.33
intel graphics driver 15.49
intel graphics driver 15.47

CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation The HECI service software is distributed as part of the Intel Graphics Driver, and is used by the graphics driver to provide premium content playback services CVE-2017-5727: The Intel® Graphics D ...

Source: bugschromiumorg/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 902117 Class: Elevation of Privilege Summary: The Intel Content Protection HECI Service exposes a DCOM object to all users and most sandboxes (such as Edge LPAC and Chro ...

CWE-704 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00095&languageid=en-fr https://www.exploit-db.com/exploits/43373/https://nvd.nist.gov https://www.exploit-db.com/exploits/43373/https://support.hp.com/us-en/document/c05917813

CVE-2017-5717

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect