CVE-2017-8472 Information

Description

Microsoft Windows 7 SP1 Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory aka \Win32k Information Disclosure Vulnerability. This CVE ID is unique from CVE-2017-8470 CVE-2017-8471 CVE-2017-8473 CVE-2017-8475 CVE-2017-8477 and CVE-2017-8484.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/98851 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8472 https://www.exploit-db.com/exploits/42225/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.0