Main Vulnerability Database Vulnerabilities #VU6476

Information disclosure in Windows and Windows Server - CVE-2017-0267

Published: May 9, 2017

Vulnerability identifier: #VU6476

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-0267

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.

How to mitigate CVE-2017-0267

Install update from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267

Information disclosure in Windows and Windows Server - CVE-2017-0267

Detailed vulnerability description

How to mitigate CVE-2017-0267

Sources

Please verify you're human