CVE-2023-32085
published 2023-07-11CVE-2023-32085: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
PriorityP422medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.51%
39.6th percentile
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_1607 | < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_1809 | < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_21h2 | < 10.0.19041.3208 | 10.0.19041.3208 |
| microsoft | windows_10_22h2 | < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3208 | 10.0.19044.3208 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_11_21h2 | < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_22h2 | < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24374 | 6.2.9200.24374 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21063 | 6.3.9600.21063 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1850 | 10.0.20348.1850 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jf64-4prw-vqc5: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
ghsa_unreviewed·2023-07-11
CVE-2023-32085 [MEDIUM] GHSA-jf64-4prw-vqc5: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
vendor_msrc·2023-07-11·CVSS 5.5
CVE-2023-32085 [MEDIUM] CWE-126 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated attacker with normal user permissions could use the Microsoft PS Class Driver to print a malicious XPS file, which could enable an information disclosure attack on the machine.
Please see Standard XPS Filters for more information.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Microsoft Printer Drivers: Microsoft Printer Drivers
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploita
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-07-11
Published