CVE-2017-0190Sensitive Information Exposure in Corporation Microsoft Windows

CWE-200Sensitive Information Exposure12 documents5 sources
Severity
4.4MEDIUMNVD
EPSS
2.1%
top 15.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Corporation Microsoft WindowsMicrosoft Windows 10Microsoft Windows Server 2008+11 more
Timeline
PublishedMay 12
Latest updateMay 17

Description

The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages13 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-4xhw-j487-w7p2: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17

📋Vendor Advisories

1
Microsoft
Windows GDI Information Disclosure Vulnerability2017-05-09

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - May 20172017-05-10

💬Community

8
Bugzilla
CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)2017-01-25
Bugzilla
CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)2017-01-25
Bugzilla
CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)2017-01-25
Bugzilla
CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)2017-01-25
Bugzilla
CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)2017-01-25
CVE-2017-0190 — Sensitive Information Exposure | cvebase