Vulnerability Name: CVE-2017-0175 (CCN-125306) Assigned: 2016-09-09 Published: 2017-05-09 Updated: 2018-10-30 Summary: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220 , CVE-2017-0258 , and CVE-2017-0259 . CVSS v3 Severity: 4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N )4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N )4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRE Type: CNACVE-2017-0175 Source: BID Type: Third Party Advisory, VDB Entry98110 Source: CCN Type: BID-98110Microsoft Windows Kernel CVE-2017-0175 Local Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1038452 Source: XF Type: UNKNOWNms-kernel-cve20170175-info-disc(125306) Source: CCN Type: Microsoft Security TechCenterSecurity Update Guide - May 2017 Security Updates Source: CONFIRM Type: Mitigation, Patch, Vendor Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0175 Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry42009 Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* Denotes that component is vulnerable BACK
microsoft windows 7 *
microsoft windows server 2008 -
microsoft windows server 2008 r2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2