#Windows Remote Procedure Call Runtime

**How could an attacker exploit the vulnerability?** To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

**According to the score, privileges required is equal to low. In this situation, what does that mean?** An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. **How can an attacker exploit this vulnerability?** The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. **What is RPC runtime?** See this article for more information on RPC and RPC Runtime.

*What security feature could be bypassed by exploiting this vulnerability?* This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation.