CVE-2017-0042 — Sensitive Information Exposure in Corporation Windows Directshow

CWE-200 — Sensitive Information Exposure10 documents5 sources

Severity

3.1LOWNVD

EPSS

14.4%

top 5.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

17

Microsoft Corporation Windows Directshow Microsoft Windows 10 Microsoft Windows Server 2008 +14 more

Timeline

PublishedMar 17

Latest updateMay 17

Description

Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages16 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-5ggj-cw9v-2523: Windows Media Player in Microsoft Windows 8↗2022-05-17

▶

📋Vendor Advisories

1

Microsoft

Windows DirectShow Information Disclosure Vulnerability↗2017-03-14

▶

🕵️Threat Intelligence

7

Trendmicro

March 2017 Patch Tuesday: 18 Security Bulletins↗2017-03-15

▶

Trendmicro

March 2017 Patch Tuesday: 18 Security Bulletins↗2017-03-15

▶

Trendmicro

March 2017 Patch Tuesday: 18 Security Bulletins↗2017-03-15

▶

Trendmicro

March 2017 Patch Tuesday: 18 Security Bulletins↗2017-03-15

▶

Trendmicro

March 2017 Patch Tuesday: 18 Security Bulletins↗2017-03-15

▶