Information disclosure in Microsoft products - CVE-2017-8676
Published: September 12, 2017 / Updated: September 12, 2017
Vulnerability identifier: #VU8303
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8676
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Windows
Windows Server
Microsoft Office for macOS
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Detailed vulnerability description
The vulnerability allows a local user to obtain potentially sensitive information.
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.
How to mitigate CVE-2017-8676
Install updates from vendor's website.