CVE-2023-32016
published 2023-06-14CVE-2023-32016: Windows Installer Information Disclosure Vulnerability
PriorityP420medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.67%
47.0th percentile
Windows Installer Information Disclosure Vulnerability
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.19983 | 10.0.10240.19983 |
| microsoft | windows_10_1607 | < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_1809 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_21h2 | < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_22h2 | < 10.0.19045.3087 | 10.0.19045.3087 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.19983 | 10.0.10240.19983 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3086 | 10.0.19045.3086 |
| microsoft | windows_11_21h2 | < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_22h2 | < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26564 | 6.1.7601.26564 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22113 | 6.0.6003.22113 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24314 | 6.2.9200.24314 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21013 | 6.3.9600.21013 |
| microsoft | windows_server_2016 | < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_server_2019 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Installer Information Disclosure Vulnerability
vendor_msrc·2023-06-13·CVSS 5.5
CVE-2023-32016 [MEDIUM] CWE-908 Windows Installer Information Disclosure Vulnerability
Windows Installer Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
Windows Installer: Windows Installer
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222
Reference: https://support.microsoft.com/help/5027222
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225
Reference: https://support.microsoft.com/help/5027225
Reference: https://catalog.update.microsoft.com/v7/site/Se
GHSA
GHSA-xc2q-prrj-8cp6: Windows Installer Information Disclosure Vulnerability
ghsa_unreviewed·2023-06-14
CVE-2023-32016 [MEDIUM] CWE-668 GHSA-xc2q-prrj-8cp6: Windows Installer Information Disclosure Vulnerability
Windows Installer Information Disclosure Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-14
Published