CVE-2017-0192Sensitive Information Exposure in Corporation Windows

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
22.9%
top 4.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Microsoft Corporation WindowsMicrosoft Windows 10Microsoft Windows Server 2008+15 more
Timeline
PublishedApr 12
Latest updateMay 17

Description

The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages17 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-592m-8jvr-xr58: The Adobe Type Manager Font Driver (ATMFD2022-05-17

📋Vendor Advisories

1
Microsoft
OpenType Font Driver Information Disclosure Vulnerability2017-04-11

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Talos
Microsoft Patch Tuesday - April 20172017-04-12
Zscaler
Zscaler protects against 16 new vulnerabilities for MS
CVE-2017-0192 — Sensitive Information Exposure | cvebase