Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0167: Sensitive Information Exposure in Corporation Windows

Severity
5.5 MEDIUM (NVD)
EPSS
9.8%
top 7.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 12
Latest update: May 17

Description

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 13 packages

Patches

🔴 Vulnerability Details

1
GHSA
GHSA-2h9f-vrvc-wfwh: An information disclosure vulnerability exists in Windows 8 (2022-05-17)

💥 Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure (2017-04-13)

📋 Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability (2017-04-11)

🕵️ Threat Intelligence

5
Talos
Microsoft Patch Tuesday - April 2017 (2017-04-12)
Talos
Microsoft Patch Tuesday - April 2017 (2017-04-12)
Recorded Future
China's Influence on National Network Vulnerability Publications | Recorded Future
Zscaler
Zscaler protects against 16 new vulnerabilities for MS
Recorded Future
China's Influence on National Network Vulnerability Publications