Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-0060

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Gdi+
Vendor
CVE Published:
17 March 2017

Summary

The Graphics Device Interface (GDI) in various Microsoft Windows products contains a flaw that permits remote attackers to extract sensitive information from the process memory through a specially crafted website. This security issue affects multiple versions of Windows, resulting in an exposure of confidential data which could lead to further exploitation if not properly resolved. Organizations should take immediate action to apply security updates and mitigate risks associated with this vulnerability.

Affected Version(s)

Windows GDI+ The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

References

http://www.securityfocus.com/bid/96713
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/41656/
exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1038002
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-0060 : Information Disclosure Vulnerability in Microsoft Windows Products | SecurityVulnerability.io