Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8476 — Sensitive Information Exposure in Corporation Microsoft Windows
Severity
5.5MEDIUMNVD
NVD5.0
EPSS
15.7%
top 5.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 15
Latest updateMay 17
Description
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CV…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages16 packages
Patches
🔴Vulnerability Details
19GHSA▶
GHSA-c255-fhwm-4cwm: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17
GHSA▶
GHSA-9525-wqf7-w23h: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17
GHSA▶
GHSA-6qxm-5w27-9jp6: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17
GHSA▶
GHSA-9ppx-ghhq-mvrf: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-7mp5-wx3q-rvg3: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure↗2017-06-22