Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-0062

4.7MEDIUM

Key Information:

Vendor

Microsoft
Status
Windows Gdi+
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0062?

The Graphics Device Interface (GDI) in various Microsoft Windows versions has a vulnerability that allows remote attackers to gain access to sensitive information stored in process memory through specially crafted websites. This flaw can be exploited to compromise user data and system integrity, differentiating it from other known vulnerabilities.

Affected Version(s)

Windows GDI+ The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

References

http://www.securityfocus.com/bid/96715
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038002
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.