VDB
CVE-2023-36003
CVE-2023-36003
PUBLISHED
In verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server existieren mehrere zum Teil nicht genauer beschriebene Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutzen, um DNS Informationen zu fälschen, um Informationen offenzulegen, um einen Denial of Service Zustand herbeizuführen, um Code auszuführen und um Systemrechte zu erlangen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 38.57% · 97.3th percentile
Risk Scores
EPSS Score
38.57%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Windows 11 Version 21H2 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows Server 2016 | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows Server 2019 | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows Server 2012 R2 | |
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Microsoft | Microsoft Windows 10 Version 21H2 |
Exploit Intelligence
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- Privilege escalation using the XAML diagnostics API (CVE-2023-36003) (github-poc)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- Windows Media Remote Code Execution Vulnerability (circl)
- CVE-2023-36003-POC (cve.org)
- cvrf.go (github-poc)
…and 5 more exploits
Timeline
- Dec 12, 2023 CVE Published
- Dec 13, 2023 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 10, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
- Sep 1, 2024 EPSS Score
- Sep 14, 2024 EPSS Score
- Oct 7, 2024 EPSS Score
- Nov 11, 2024 EPSS Score
- Nov 21, 2024 CVE Updated
- Nov 28, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3137.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3137 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/ advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2023/12.html advisory