Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8477 — Sensitive Information Exposure in Corporation Microsoft Windows
Severity
5.0MEDIUMNVD
EPSS
3.1%
top 13.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 15
Latest updateMay 14
Description
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages15 packages
Patches
🔴Vulnerability Details
7GHSA▶
GHSA-7ww3-745v-h3cr: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-9m9x-c9hj-8jv7: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-qxcw-cmhq-372v: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an↗2022-05-14
GHSA▶
GHSA-3mfm-5w42-34pq: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 201↗2022-05-14
GHSA▶
GHSA-9qrx-7rxg-3jpq: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted applic↗2022-05-14