CVE-2017-8693 — Sensitive Information Exposure in Corporation Microsoft Graphics Component

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

6.2%

top 9.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Graphics Component Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +8 more

Timeline

PublishedOct 13

Latest updateMay 17

Description

The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶CVEListV5microsoft_corporation/microsoft_graphics_componentMicrosoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mm7q-m26q-8937: The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerab↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Component Information Disclosure Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶