Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0286

CWE-200Information Exposure5 documents5 sources
Severity
5.0MEDIUM
EPSS
10.6%
top 6.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft Corporation GraphicsMicrosoft Corporation UniscribeMicrosoft Office+1 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages4 packages

CVEListV5microsoft_corporation/graphicsWindows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
NVDmicrosoft/office2007, 2010+1
CVEListV5microsoft_corporation/uniscribeWindows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9p97-qj3g-q7m8: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
CVEList
CVE-2017-0286: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82017-06-15

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'USP10!NextCharInLiga' Uniscribe Font Processing Out-of-Bounds Memory Read2017-06-23

📋Vendor Advisories

1
Microsoft
Windows GDI Information Disclosure Vulnerability2017-06-13