Windows COM Marshaler CVE-2017-0213
Severity (by source): HIGH
CVSS vector (NVD): CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
Analysis (AI)
Local privilege escalation in the Windows COM Aggregate Marshaler affects all Windows versions from Server 2008 SP2 through Windows 10 1703, allowing low-privileged authenticated users to gain SYSTEM-level privileges through a specially crafted application. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code (Exploit-DB 42020) and an exceptionally high EPSS score of 92.69%, indicating near-certain real-world exploitation. Microsoft released patches in May 2017, but the widespread exploitation and broad platform impact make this a critical remediation priority for any unpatched Windows systems from this era.
Technical Context (AI)
The Windows Component Object Model (COM) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. The COM Aggregate Marshaler handles inter-process communication and object serialization between COM components running at different privilege levels. This vulnerability exists in the marshaler's handling of COM objects when aggregating interfaces across security boundaries. When a low-privileged process creates a specially crafted COM object and leverages the marshaler to interact with higher-privileged processes, the marshaler fails to properly validate security tokens during the aggregation process. This allows the attacker's COM object to inherit elevated privileges from the target process. The affected CPE strings span a decade of Windows releases: Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 versions 1507/1511/1607/1703, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, and Windows Server 2016. The vulnerability is architectural rather than tied to a specific service, residing in core COM runtime libraries (combase.dll/ole32.dll) present across all Windows installations.
Remediation (AI)
Apply Microsoft's May 2017 security updates immediately via the platform-specific patches listed in security advisory CVE-2017-0213 at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0213. For Windows 7 and Server 2008 R2 systems now past end-of-life, organizations must either purchase Extended Security Updates (ESU) from Microsoft to receive the patch, migrate to supported Windows versions (Windows 10/11, Server 2016 or later), or implement compensating controls with significant operational impact.

Compensating controls for unpatchable systems include the following. Restrict local logon rights to only essential administrative accounts via Group Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > 'Allow log on locally'); this prevents low-privileged users from executing local exploits but severely limits workstation usability. Deploy application whitelisting via Windows AppLocker or third-party solutions to block unauthorized executables, though this requires extensive baseline development and ongoing maintenance. Use network segmentation to isolate vulnerable systems from internet-facing assets, which reduces initial access vectors but does not eliminate risk from insider threats or lateral movement.

None of these mitigations fully addresses the vulnerability; patching or replacement remains the only complete solution. Organizations maintaining legacy systems should implement multiple compensating controls in defense-in-depth layers while accelerating migration timelines given confirmed active exploitation.
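The remediation state above can be audited per host. The following PowerShell script is an added example, not code from vuln.today or Microsoft: it checks whether a given update is installed, who holds the 'Allow log on locally' right (SeInteractiveLogonRight in the local security policy), and whether AppLocker executable rules are in effect. The KB number is a placeholder, since this page does not list one; take the real KB for your OS build from the MSRC advisory linked above. It assumes Windows PowerShell 3 or later, an elevated prompt (secedit export needs it) and the AppLocker module for the third check.

```powershell
<#
  Added audit example (not from vuln.today or Microsoft). Reports, for one host:
    - whether the update identified by $PatchKb is installed
    - which principals hold 'Allow log on locally' (SeInteractiveLogonRight)
    - the enforcement mode of AppLocker executable rules
  Run from an elevated Windows PowerShell (3+) prompt.
#>
param(
    # PLACEHOLDER: replace with the KB for this OS build from the MSRC advisory.
    [string]$PatchKb = 'KB0000000'
)

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

# 1. Patch state. Get-HotFix reads Win32_QuickFixEngineering. A later cumulative
#    update can supersede the original KB, so a miss here means "verify", not
#    "unpatched".
$hotfix = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $PatchKb }
$report['PatchInstalled'] = [bool]$hotfix

# 2. 'Allow log on locally'. secedit exports the local policy to a UTF-16 .inf
#    whose [Privilege Rights] section has a line such as
#    SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit.exe /export /cfg $inf /quiet | Out-Null
$match = Select-String -Path $inf -Pattern '^SeInteractiveLogonRight\s*=\s*(.+)$' -ErrorAction SilentlyContinue
Remove-Item $inf -Force -ErrorAction SilentlyContinue

$sids = @()
if ($match) {
    # Strip the leading '*' that secedit puts in front of each SID.
    $sids = $match.Matches[0].Groups[1].Value -split ',' |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
$holders = foreach ($sid in $sids) {
    try {
        (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $sid }   # keep SIDs that cannot be resolved locally
}
$report['AllowLogOnLocally'] = $holders -join '; '
# The built-in Users group (S-1-5-32-545) still holding the right means any local
# user can log on interactively, which the control above is meant to prevent.
$report['UsersGroupCanLogOnLocally'] = $sids -contains 'S-1-5-32-545'

# 3. AppLocker executable rules. Get-AppLockerPolicy -Effective merges local and
#    domain policy; EnforcementMode is NotConfigured, AuditOnly or Enabled.
try {
    $policy = Get-AppLockerPolicy -Effective -ErrorAction Stop
    $exeRules = $null
    foreach ($rc in $policy.RuleCollections) {
        if ($rc.RuleCollectionType -eq 'Exe') { $exeRules = $rc }
    }
    $report['AppLockerExeMode'] = if ($null -ne $exeRules) { [string]$exeRules.EnforcementMode } else { 'NotConfigured' }
} catch {
    $report['AppLockerExeMode'] = 'Unavailable (AppLocker module or service not present)'
}

[pscustomobject]$report | Format-List
```

A host that reports PatchInstalled False, UsersGroupCanLogOnLocally True and AppLockerExeMode NotConfigured has none of the layers this section calls for; run the script across a fleet to prioritise the systems that still need the update or the ESU/migration decision.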