Information Disclosure in Microsoft Windows GDI and Office Products
CVE-2017-8676

3.3LOW

Key Information:

Vendor
Microsoft
Status
Windows Graphics Device Interface (gdi)
Vendor
CVE Published:
13 September 2017

Summary

A security vulnerability exists within the Windows Graphics Device Interface (GDI) that allows an authenticated attacker to extract sensitive information from a compromised system. By exploiting this vulnerability through specially crafted applications, unauthorized data retrieval occurs, potentially leading to severe privacy breaches for users operating affected versions of Windows and Microsoft Office products. This vulnerability underscores the importance of implementing robust security measures and ensuring prompt updates to safeguard sensitive information.

Affected Version(s)

Windows Graphics Device Interface (GDI) Microsoft Windows Server 2008 SP2 and R2 SP1

Windows Graphics Device Interface (GDI) Windows 7 SP1

Windows Graphics Device Interface (GDI) Windows 8.1

References

http://www.securityfocus.com/bid/100755
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039333
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.