CVE-2017-0242Sensitive Information Exposure in Corporation Microsoft Windows

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
7.6%
top 8.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Corporation Microsoft WindowsMicrosoft Windows Server 2008Msrc Windows 7 FOR 32-bit Systems Service Pack 1+6 more
Timeline
PublishedMay 12
Latest updateMay 13

Description

An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5microsoft_corporation/microsoft_windowsWindows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 for Itanium-Based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1.

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-f632-54cw-cq5r: An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnera2022-05-13

📋Vendor Advisories

1
Microsoft
Microsoft ActiveX Information Disclosure Vulnerability2017-05-09

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - May 20172017-05-10