CVE-2017-0188

Опубликовано: 12 апр. 2017

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189.

Ссылки

http://www.securityfocus.com/bid/97475
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038239
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0188
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/97475
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038239
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0188
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.05109

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-0188

CVSS3: 4.4

msrc

около 8 лет назад

Win32k Information Disclosure Vulnerability

GHSA-g9w7-8hcr-36c9