Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-8486

4.7MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft Windows 7 Sp1, Windows Server 2008 Sp2 And R2 Sp1, Windows 8.1 And Windows Rt 8.1, Windows Server 2012 And R2, Windows 10 Gold, 1511, 1607, 1703, And Windows Server 2016.
Vendor
CVE Published:
11 July 2017

Summary

This vulnerability in Microsoft Windows allows attackers to access sensitive information due to improper handling of objects in memory. It affects multiple Windows versions, including Windows 7, 8.1, and Windows 10, posing risks for users by potentially exposing confidential data to unauthorized parties. The issue stems from flaws in the win32k.sys component, which can be exploited to retrieve information from the system's memory.

Affected Version(s)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016. Microsoft Windows

References

https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99414
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038853
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.