CVE-2017-11850
published 2017-11-15CVE-2017-11850: Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and…
PriorityP412low2.5CVSS 3.0
AVLACHPRLUINSUCLINAN
EPSS
2.85%
85.0th percentile
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | microsoft_graphics_component | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_version_1709 | — | — |
CVSS provenance
nvdv3.02.5LOWCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vwgf-9jxv-jc4g: Microsoft Graphics Component in Windows 8
ghsa_unreviewed·2022-05-17
CVE-2017-11850 [LOW] CWE-200 GHSA-vwgf-9jxv-jc4g: Microsoft Graphics Component in Windows 8
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
Microsoft
Microsoft Graphics Component Information Disclosure Vulnerability
vendor_msrc·2017-11-14·CVSS 4.7
CVE-2017-11850 [LOW] Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Rel
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/101738http://www.securitytracker.com/id/1039782https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850http://www.securityfocus.com/bid/101738http://www.securitytracker.com/id/1039782https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850
2017-11-15
Published