CVE-2017-0245
published 2017-05-12CVE-2017-0245: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a…
PriorityP335medium4.7CVSS 3.0
AVLACHPRLUINSUCHINAN
EXPLOIT
EPSS
7.70%
93.9th percentile
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft_corporation | microsoft_windows | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
CVSS provenance
nvdv3.04.7MEDIUMCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-67qh-8f83-32gr: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to exec
ghsa_unreviewed·2022-05-17
CVE-2017-0245 [MEDIUM] CWE-200 GHSA-67qh-8f83-32gr: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to exec
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."
Microsoft
Win32k Information Disclosure Vulnerability
vendor_msrc·2017-05-09·CVSS 4.7
CVE-2017-0245 [MEDIUM] Win32k Information Disclosure Vulnerability
Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
The security update addresses the vulnerability by correcting how win32k handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation Less Likely
No detection rules found.
http://www.securityfocus.com/bid/98115https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245https://www.exploit-db.com/exploits/42008/http://www.securityfocus.com/bid/98115https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0245https://www.exploit-db.com/exploits/42008/
2017-05-12
Published