CVE-2017-0190

Опубликовано: 12 мая 2017

Источник: nvd

CVSS3: 4.4

CVSS2: 2.1

EPSS Низкий

Описание

The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."

Ссылки

http://www.securityfocus.com/bid/98298
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038451
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0190
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98298
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038451
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0190
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01149

Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-0190

CVSS3: 4.2

msrc

около 8 лет назад

Windows GDI Information Disclosure Vulnerability

GHSA-4xhw-j487-w7p2