CVE-2017-0096
published 2017-03-17CVE-2017-0096: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and…
PriorityP412low2.6CVSS 3.0
AVAACHPRHUINSCCLINAN
EPSS
1.92%
77.4th percentile
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | hyper-v | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.02.6LOWCVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
nvdv2.02.3LOWAV:A/AC:M/Au:S/C:P/I:N/A:N
vendor_msrc2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Hyper-V Information Disclosure Vulnerability
vendor_msrc·2017-03-14·CVSS 2.6
CVE-2017-0096 [LOW] Windows Hyper-V Information Disclosure Vulnerability
Windows Hyper-V Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.
An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system.
The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Windows Hyper-V: Windows Hyper-V
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information
GHSA
GHSA-vf58-xj6v-hp7c: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8
ghsa_unreviewed·2022-05-17
CVE-2017-0096 [LOW] CWE-200 GHSA-vf58-xj6v-hp7c: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/96701http://www.securitytracker.com/id/1037999https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096http://www.securityfocus.com/bid/96701http://www.securitytracker.com/id/1037999https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096
2017-03-17
Published