CVE-2017-0190
published 2017-05-12
CVE-2017-0190: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10…
Priority: P4 · 34 · medium · 4.4 CVSS 3.0
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 43.46% (98.6th percentile)
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | microsoft_windows | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
CVSS provenance
nvd · v3.0 · 4.4 MEDIUM · CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc · 4.2 MEDIUM
Microsoft
Windows GDI Information Disclosure Vulnerability
vendor_msrc·2017-05-09·CVSS 4.2
CVE-2017-0190 [MEDIUM] Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how GDI handles memory addresses.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Information Disclosure
Exploit Status: Publicl
GHSA
GHSA-4xhw-j487-w7p2: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-17
CVE-2017-0190 [MEDIUM] CWE-200 GHSA-4xhw-j487-w7p2: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - May 2017
blogs_talos·2017-05-10·CVSS 7.5
CVE-2017-0290 [HIGH] Microsoft Patch Tuesday - May 2017
Today, Microsoft has released their monthly set of security updates designed to address vulnerabilities. This month's release addresses 56 vulnerabilities with 15 of them rated critical and 41 rated important. Impacted products include .NET, DirectX, Edge, Internet Explorer, Office, SharePoint, and Windows.
In addition to the coverage Talos is providing for the normal monthly Microsoft security advisories, Talos is also providing coverage for CVE-2017-0290, the MsMpEng Malware Protection service vulnerability in Windows reported by Natalie Silvanovich and Tavis Ormandy of Google Project Zero. Snort rule SIDs for this specific vulnerability are 42820-42821.
## Vulnerabilities Rated Critical
The following vulnerabilities are rated critical by Microsoft:
- CVE-2017-0221
- CVE-2017-0222
- CV
Bugzilla
CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 9.8
CVE-2017-5380 [CRITICAL] CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
A potential use-after-free found through fuzzing during DOM manipulation of SVG content.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
Acknowledgements:
Name: the Mozilla project
Upstream: Nils
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2017:0238 https://rhn.redhat.com/errata/RHSA-2017-0238.html
Bugzilla
CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 7.5
CVE-2017-5378 [HIGH] CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
Acknowledgements:
Name: the Mozilla project
Upstream: Jann Horn
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise
Bugzilla
CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 5.3
CVE-2017-5383 [MEDIUM] CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
Acknowledgements:
Name: the Mozilla project
Upstream: Armin Razmjou
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux
Bugzilla
CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 9.8
CVE-2017-5376 [CRITICAL] CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
Use-after-free while manipulating XSL in XSLT documents
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
Acknowledgements:
Name: the Mozilla project
Upstream: Nicolas Grégoire
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2017:0238 https://rhn.redhat.com/errata/RHSA-2017-0238.html
Bugzilla
CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 9.8
CVE-2017-5375 [CRITICAL] CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
Acknowledgements:
Name: the Mozilla project
Upstream: Rh0
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2017:0238 https://rhn.redhat.com/errata/RHSA
Bugzilla
CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 9.8
CVE-2017-5390 [CRITICAL] CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
Acknowledgements:
Name: the Mozilla project
Upstream: Jerri Rice
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Bugzilla
CVE-2017-5386 Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 7.3
CVE-2017-5386 [HIGH] CVE-2017-5386 Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)
WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
Acknowledgements:
Name: the Mozilla project
Upstream: Muneaki Nishimura
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
Bugzilla
CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
bugzilla·2017-01-25·CVSS 9.8
CVE-2017-5396 [CRITICAL] CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
Acknowledgements:
Name: the Mozilla project
Upstream: Filipe Gomes
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:0190 https://rhn.redhat.com/errata/RHSA-2017-0190.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 5
Via RHSA-2017:0238 https://rhn.
http://www.securityfocus.com/bid/98298
http://www.securitytracker.com/id/1038451
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0190
2017-05-12
Published