CVE-2017-11832Sensitive Information Exposure in Corporation Microsoft Graphics

CWE-200Sensitive Information Exposure6 documents4 sources
Severity
5.5MEDIUMNVD
NVD4.7
EPSS
1.2%
top 21.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft Corporation Microsoft GraphicsMicrosoft Windows Server 2008Msrc Windows 7 FOR 32-bit Systems Service Pack 1+7 more
Timeline
PublishedNov 15
Latest updateMay 17

Description

The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages10 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-3h53-6977-c549: Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be dis2022-05-17
GHSA
GHSA-3vgj-5w55-27c9: The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an2022-05-17

📋Vendor Advisories

1
Microsoft
Windows EOT Font Engine Information Disclosure Vulnerability2017-11-14

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - November 20172017-11-14