Main Vulnerability Database Vulnerabilities #VU8305

#VU8305 Information disclosure in Windows and Windows Server - CVE-2017-8684

Published: September 12, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU8305

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8684

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8684

#VU8305 Information disclosure in Windows and Windows Server - CVE-2017-8684

Description

Remediation

External links

Please verify you're human