CVE-2018-0750
published 2018-01-04CVE-2018-0750: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are…
PriorityP424medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EPSS
1.70%
74.4th percentile
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft_corporation | windows_gdi | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p576-rfhm-3mg3: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way object
ghsa_unreviewed·2022-05-13
CVE-2018-0750 [MEDIUM] GHSA-p576-rfhm-3mg3: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way object
The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".
Microsoft
Windows GDI Information Disclosure Vulnerability
vendor_msrc·2018-01-09·CVSS 5.5
CVE-2018-0750 [MEDIUM] Windows GDI Information Disclosure Vulnerability
Windows GDI Information Disclosure Vulnerability
Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Microsoft Graphics Componen
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
## Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002 . Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users shoul
Talos
Microsoft Patch Tuesday - January 2018
blogs_talos·2018-01-09·CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2018
Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more.
In addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in ADV180002. Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users should refer to Microsoft's knowledge base articl
http://www.securityfocus.com/bid/102357http://www.securitytracker.com/id/1040091https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0750http://www.securityfocus.com/bid/102357http://www.securitytracker.com/id/1040091https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0750
2018-01-04
Published