CVE-2017-0073

CWE-200 — Information Exposure4 documents4 sources

Severity

4.3MEDIUM

EPSS

9.8%

top 7.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Gdi+Microsoft Live Meeting Microsoft Lync +6 more

Timeline

PublishedMar 17

Latest updateMay 17

Description

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

▶CVEListV5microsoft_corporation/windows_gdi+The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511, 1607+1

▶NVDmicrosoft/lync2010, 2013+1

▶NVDmicrosoft/skype2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-83ph-46mx-g425: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2022-05-17

▶

CVEList

CVE-2017-0073: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8↗2017-03-17

▶

📋Vendor Advisories

Microsoft

Windows GDI Information Disclosure Vulnerability↗2017-03-14

▶