CVE-2017-11927

Опубликовано: 12 дек. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Средний

Описание

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".

Ссылки

http://www.securityfocus.com/bid/102095
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039997
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102095
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039997
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.20851

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-11927

CVSS3: 4.3

msrc

больше 7 лет назад

Microsoft Windows Information Disclosure Vulnerability

GHSA-m93g-73w8-3q73