CVE-2017-8680

Опубликовано: 13 сент. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Средний

Описание

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.

Ссылки

http://www.securityfocus.com/bid/100722
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039338
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/42741/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100722
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039338
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/42741/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26895

Средний

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-8680

CVSS3: 5.5

msrc

почти 8 лет назад

Windows GDI+ Information Disclosure Vulnerability

GHSA-4gwh-8mhq-2rcm

CVSS3: 5.5

github

около 3 лет назад

EPSS

Процентиль: 96%

0.26895

Средний

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200