Information Disclosure Vulnerability in Windows Media Player by Microsoft
CVE-2017-11768

2.5LOW

Key Information:

Vendor
Microsoft
Status
Windows Media Player
Vendor
CVE Published:
15 November 2017

Summary

Windows Media Player, present in various Windows operating systems, has a vulnerability that could allow remote attackers to determine the presence of files stored on the disk. This is achieved through a specially crafted application that exploits the way in which Windows Media Player discloses file information. This information disclosure vulnerability could potentially expose sensitive data, making system security particularly crucial for affected versions.

Affected Version(s)

Windows Media Player Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709.

References

http://www.securitytracker.com/id/1039794
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101705
vdb-entryx_refsource_BID

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.