Information Disclosure Vulnerability in Microsoft Graphics Components
CVE-2017-8531

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Graphics
Vendor: CVE Published:; 15 June 2017

Summary

The vulnerability in Microsoft graphics components exposes sensitive memory contents, which can be exploited by malicious actors to reveal private information on systems running various versions of Windows and Microsoft Office. This defect occurs due to improper memory handling within the Graphics Uniscribe engine, potentially allowing attackers to read sensitive data from memory, thus leading to unauthorized disclosure of confidential information.

Affected Version(s)

Graphics Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2

References

http://www.securityfocus.com/bid/98819

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2017
Vulnerability Reserved
May 3, 2017