CVE-2017-11835

Опубликовано: 15 нояб. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.

Ссылки

http://www.securityfocus.com/bid/101736
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039782
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101736
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039782
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02807

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-11835

CVSS3: 4.7

msrc

больше 7 лет назад

Windows EOT Font Engine Information Disclosure Vulnerability

GHSA-3h53-6977-c549