Information disclosure in Windows Server and Windows - CVE-2017-8575
Published: June 26, 2017
Vulnerability identifier: #VU7200
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8575
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows Server
Windows
Windows Server
Windows
Detailed vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists due to improper handling of objects in memory by the Windows Graphics component. A local attacker can run a specially crafted application and read arbitrary files on the system.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to improper handling of objects in memory by the Windows Graphics component. A local attacker can run a specially crafted application and read arbitrary files on the system.
Successful exploitation of the vulnerability may result in information disclosure.
How to mitigate CVE-2017-8575
Install update from vendor's website.