Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-0286

5MEDIUM

Key Information:

Vendor
Microsoft
Status
Uniscribe
Vendor
CVE Published:
15 June 2017

Summary

An information disclosure vulnerability exists in the way that Microsoft Windows handles graphics, potentially allowing an attacker to view sensitive information stored in memory. The affected versions include several iterations of Windows Server and Windows client products, including but not limited to Windows 7, Windows 10, and their server counterparts. Exploitation of this vulnerability could allow unauthorized access to memory contents, posing risks to the confidentiality of user data.

Affected Version(s)

Uniscribe Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

References

http://www.securityfocus.com/bid/98891
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/42238/
exploitx_refsource_EXPLOIT-DB

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.