Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2017-8685 — Sensitive Information Exposure in Corporation Windows GDI
Severity
5.5MEDIUMNVD
EPSS
26.9%
top 3.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedSep 13
Latest updateMay 17
Description
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages10 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-h298-mq6p-crvr: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17
GHSA▶
GHSA-m6q3-2qv4-4mgx: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14
GHSA▶
GHSA-p283-vv7w-w6hx: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory ad↗2022-05-14
Project0
▶
💥Exploits & PoCs
1Exploit-DB
▶
📋Vendor Advisories
1🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple ↗2016-10-17