Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-0060
Severity
5.5MEDIUM
EPSS
3.3%
top 12.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedMar 17
Latest updateMay 17
Description
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5microsoft_corporation/windows_gdi+The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-gwg4-p93p-j3h7: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-17
CVEList▶
CVE-2017-0060: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2017-03-17