Information disclosure in Windows and Windows Server - CVE-2017-11815
Published: October 10, 2017 / Updated: October 10, 2017
Vulnerability identifier: #VU8776
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-11815
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to an error when the Windows SMB Server handles authenticated requests. A remote attacker can send SMB messages to an impacted Windows SMB Server and gain access arbitrary files.
The vulnerability exists due to an error when the Windows SMB Server handles authenticated requests. A remote attacker can send SMB messages to an impacted Windows SMB Server and gain access arbitrary files.
How to mitigate CVE-2017-11815
Install updates from vendor's website.