CVE-2017-8553
published 2017-06-15CVE-2017-8553: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1…
PriorityP422medium4.7CVSS 3.0
AVLACHPRLUINSUCHINAN
EPSS
2.54%
83.0th percentile
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_kernel | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.04.7MEDIUMCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mvcc-9fpf-cmrm: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2017-8553 [MEDIUM] CWE-200 GHSA-mvcc-9fpf-cmrm: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".
Microsoft
Windows Kernel Information Disclosure Vulnerability
vendor_msrc·2017-06-13·CVSS 4.7
CVE-2017-8553 [MEDIUM] Windows Kernel Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
An authenticated attacker could exploit this vulnerability by running a specially crafted application.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.c
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/98940http://www.securitytracker.com/id/1038662https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8553http://www.securityfocus.com/bid/98940http://www.securitytracker.com/id/1038662https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8553
2017-06-15
Published