#VU8303 Information disclosure in Microsoft products - CVE-2017-8676
Published: September 12, 2017 / Updated: September 12, 2017
Vulnerability identifier: #VU8303
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8676
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Windows
Windows Server
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to obtain potentially sensitive information.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.
Remediation
Install updates from vendor's website.