Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8492 — Sensitive Information Exposure in Microsoft Windows 10
Severity
5.0MEDIUMNVD
EPSS
14.8%
top 5.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 15
Latest updateMay 14
Description
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CV…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages14 packages
Patches
🔴Vulnerability Details
10GHSA▶
GHSA-9ppx-ghhq-mvrf: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-8p32-7pqq-p38g: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-xqfj-957m-q7h8: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-qwrx-c2h9-rm2q: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-9qw4-jpw7-fvqc: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows - 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure↗2017-06-21