Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-0259 — Sensitive Information Exposure in Corporation Microsoft Windows
Severity
4.7MEDIUMNVD
EPSS
3.2%
top 13.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMay 12
Latest updateMay 17
Description
The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6
Affected Packages16 packages
▶CVEListV5microsoft_corporation/microsoft_windowsMicrosoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-gjgh-xm4c-7q3x: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensiti↗2022-05-17
GHSA▶
GHSA-2h8j-5vrm-5737: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a speci↗2022-05-14
GHSA▶
GHSA-cw7v-rc9m-6mcv: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-13
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 10 Kernel - 'nt!NtTraceControl (EtwpSetProviderTraits)' Pool Memory Disclosure↗2017-05-15