Information Disclosure in Microsoft Graphics Component for Windows Products
CVE-2017-11850

2.5LOW

Key Information:

Vendor

Microsoft
Status
Microsoft Graphics Component
Vendor
CVE Published:
15 November 2017

What is CVE-2017-11850?

The Microsoft Graphics Component in various versions of Windows allows unauthorized access to sensitive data through a flaw in memory object handling. An attacker can exploit this vulnerability by logging onto the affected system and executing a specially crafted application, potentially leading to unauthorized information disclosure. This underlines the importance of applying security updates and patches to safeguard systems from such vulnerabilities.

Affected Version(s)

Microsoft Graphics Component Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709.

References

http://www.securityfocus.com/bid/101738
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039782
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.