Main Vulnerability Database Vulnerabilities #VU8305

Information disclosure in Windows and Windows Server - CVE-2017-8684

Published: September 12, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU8305

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8684

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.

How to mitigate CVE-2017-8684

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8684

Information disclosure in Windows and Windows Server - CVE-2017-8684

Detailed vulnerability description

How to mitigate CVE-2017-8684

Sources

Please verify you're human