Information disclosure in Microsoft Windows GDI component

Published: 2018-08-14 22:46:58 | Updated: 2018-08-14

Severity	Low
Patch available	YES
Number of vulnerabilities	3
CVE ID	CVE-2018-8394 CVE-2018-8396 CVE-2018-8398
CVSSv3	3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID	CWE-200
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Windows Windows Server
Vulnerable software versions	Windows 8.1 Windows 7 Windows 10 Windows RT 8.1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2008 Windows Server 2008 R2 Windows Server 2016
Vendor URL	Microsoft

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an error when the Windows GDI component improperly discloses the contents of its memory. A remote attacker can trick the victim into visiting a specially crafted website or opening malicious content and obtain information to further compromise the user’s system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8394

2) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8396

3) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8398

Back to List

SaaS Vulnerability Scanner

Secure your network perimeter
Receive alerts on latest vulnerabilities
14-days free trial