Vulnerability Name: | CVE-2017-0188 (CCN-123872) | ||||||||||||
Assigned: | 2016-09-09 | ||||||||||||
Published: | 2017-04-11 | ||||||||||||
Updated: | 2017-07-11 | ||||||||||||
Summary: | A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189. | ||||||||||||
CVSS v3 Severity: | 3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-0188 Source: BID Type: Third Party Advisory, VDB Entry 97475 Source: CCN Type: BID-97475 Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0188 Local Privilege Escalation Vulnerability Source: SECTRACK Type: UNKNOWN 1038239 Source: XF Type: UNKNOWN ms-kmd-cve20170188-info-disc(123872) Source: CCN Type: Microsoft Security Tech Center Security Update Guide Source: CONFIRM Type: Mitigation, Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0188 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |