Main Vulnerability Database Vulnerabilities #VU9310

#VU9310 Information disclosure in Windows and Windows Server - CVE-2017-11768

Published: November 14, 2017 / Updated: November 14, 2017

Vulnerability identifier: #VU9310

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-11768

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Windows Media Player due to improper disclosure of file information when handling user-supplied input. A local attacker can execute an application that submits malicious input to access sensitive information on the targeted system, which could be used to conduct additional attacks.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768

#VU9310 Information disclosure in Windows and Windows Server - CVE-2017-11768

Description

Remediation

External links

Please verify you're human