Main Vulnerability Database Vulnerabilities #VU8306

#VU8306 Information disclosure in Windows Server and Windows - CVE-2017-8685

Published: September 12, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU8306

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8685

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Windows Server
Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685

#VU8306 Information disclosure in Windows Server and Windows - CVE-2017-8685

Description

Remediation

External links

Please verify you're human