Information Disclosure Vulnerability in Microsoft Windows GDI+
CVE-2017-8685

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Gdi+
Vendor
CVE Published:
13 September 2017

Summary

The vulnerability in Microsoft Windows GDI+ allows attackers to access sensitive kernel memory addresses, potentially leading to unauthorized information disclosure. This risk affects systems running Windows Server 2008 SP2, Windows Server R2 SP1, and Windows 7 SP1, making it crucial for users to understand the implications and implement necessary security measures.

Affected Version(s)

Windows GDI+ Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

https://www.exploit-db.com/exploits/42748/
exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1039338
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.