CVE-2017-11852
Description
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the users system, due improperly disclosing kernel memory addresses, aka Windows GDI Information Disclosure Vulnerability.
Risk Information
Base Score
4.6
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
4.118
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Scripting Engine Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4048957) | Windows |
| Scripting Engine Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4048957) | Windows |
| Scripting Engine Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4048957) | Windows |
| Windows Search Denial of Service Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4048960) | Windows |
| Windows Search Denial of Service Vulnerability for Windows 7 for x64-based Systems (KB4048960) | Windows |
| Windows Search Denial of Service Vulnerability for Windows 7 for x86-based Systems (KB4048960) | Windows |
| Windows Kernel Information Disclosure Vulnerability for vulnerabilities in Windows Server 2008 for x64-based Systems (KB4048970) | Windows |
| Windows Kernel Information Disclosure Vulnerability for vulnerabilities in Windows Server 2008 (KB4048970) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-23374 | 2017-11 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4048957) |
| PATCH-23373 | 2017-11 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4048957) |
| PATCH-23372 | 2017-11 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4048957) |
| PATCH-23381 | 2017-11 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4048960) |
| PATCH-23380 | 2017-11 Security Only Quality Update for Windows 7 for x64-based Systems (KB4048960) |
| PATCH-23379 | 2017-11 Security Only Quality Update for Windows 7 for x86-based Systems (KB4048960) |
| PATCH-23413 | Security Update for Windows Server 2008 for x64-based Systems (KB4048970) |
| PATCH-23412 | Security Update for Windows Server 2008 (KB4048970) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234