Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0289Sensitive Information Exposure in Corporation Graphics

CWE-200Sensitive Information Exposure17 documents5 sources
Severity
6.5MEDIUMNVD
NVD5.0
EPSS
7.8%
top 8.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
19
Microsoft Corporation GraphicsMicrosoft OfficeMicrosoft Windows 10+16 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages18 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-qmwx-4m5c-33pr: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-hmhx-mm8v-3r86: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-47rh-5vgh-57gr: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-9p97-qj3g-q7m8: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-cj37-6c6x-3fg3: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'USP10!otlValueRecord::adjustPos' Uniscribe Font Processing Out-of-Bounds Memory Read2017-06-23

📋Vendor Advisories

1
Microsoft
Windows GDI Information Disclosure Vulnerability2017-06-13

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - June 20172017-06-13