Microsoft Windows Graphics Component CVE-2017-11816 Information Disclosure
TSL ID: TSL20171010-28
CVE ID(s): CVE-2017-11816
Severity: Moderate
Description

An information disclosure vulnerability has been reported in the GDI component of Microsoft Windows. The vulnerability is due to an out-of-bounds read error when processing a WMF file.

A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page or document. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks.

The vendor, Microsoft, has released the following advisory regarding this vulnerability:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11816

Affected Products
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2016
CVSS Score
Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is NONE
Temporal 3.2 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11816
https://twitter.com/symeonp/status/918049171101437959