CVE-2017-0061

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 2.6

EPSS Средний

Описание

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.

Ссылки

http://www.securityfocus.com/bid/96638
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41657/
http://www.securityfocus.com/bid/96638
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41657/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.21453

Средний

5.3 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-0061

CVSS3: 4.7

msrc

больше 8 лет назад

Microsoft Color Management Information Disclosure Vulnerability

GHSA-ghj3-wcfw-j5vr