Main Vulnerability Database Vulnerabilities #VU8306

Information disclosure in Windows Server and Windows - CVE-2017-8685

Published: September 12, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU8306

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8685

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Microsoft

Affected software:
Windows Server
Windows

Detailed vulnerability description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.

How to mitigate CVE-2017-8685

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685

Information disclosure in Windows Server and Windows - CVE-2017-8685

Detailed vulnerability description

How to mitigate CVE-2017-8685

Sources

Please verify you're human