CVE-2017-8575 — Sensitive Information Exposure in Corporation Microsoft Windows

CWE-200 — Sensitive Information Exposure CWE-125 — Out-of-bounds Read CWE-190 — Integer Overflow or Wraparound6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

2.1%

top 15.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Windows Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +8 more

Timeline

PublishedJun 29

Latest updateMay 17

Description

The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/microsoft_windowsWindows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xvp4-65m6-779w: The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specia↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Component Information Disclosure Vulnerability↗2017-06-13

▶

Red Hat

tcpdump: multiple overflow issues in protocol decoding↗2017-02-02

▶

Red Hat

tcpdump: multiple overflow issues in protocol decoding↗2017-02-02

▶

💬Community

HackerOne

CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().↗2019-10-08

▶