Home

CVE-2017-8473

Description

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka Win32k Information Disclosure Vulnerability. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.

Risk Information

Base Score
4.6
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
7.728

Associated Vulnerability

VulnerabilityOS Platform
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4022714) - CumulativeWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x86-based Systems (KB4022714) - CumulativeWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - CumulativeWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - CumulativeWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - DeltaWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - DeltaWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - CumulativeWindows
Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - DeltaWindows
Windows Kernel Information Disclosure Vulnerability for Windows Server 2008 for x64-based Systems (KB4022887)Windows
Windows Kernel Information Disclosure Vulnerability for Windows Server 2008 (KB4022887)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022722)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4022722)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4022722)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022717)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x64-based Systems (KB4022717)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x86-based Systems (KB4022717)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022726)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4022726)Windows
Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4022726)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-22673Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4022714)
PATCH-22672Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4022714)
PATCH-22676Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022715)
PATCH-22675Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715)
PATCH-227042017-06 Delta Update for Windows Server 2016 for x64-based Systems (KB4022715)
PATCH-226802017-06 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4022715)
PATCH-22674Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022715)
PATCH-226792017-06 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4022715)
PATCH-22577Security Update for Windows Server 2008 for x64-based Systems (KB4022887)
PATCH-22576Security Update for Windows Server 2008 (KB4022887)
PATCH-225802017-06 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)
PATCH-225792017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)
PATCH-225782017-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199)
PATCH-225832017-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4022722)
PATCH-225822017-06 Security Only Quality Update for Windows 7 for x64-based Systems (KB4022722)
PATCH-225812017-06 Security Only Quality Update for Windows 7 for x86-based Systems (KB4022722)
PATCH-225892017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717)
PATCH-225882017-06 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4022717)
PATCH-225872017-06 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4022717)
PATCH-225862017-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4022726)
PATCH-225852017-06 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4022726)
PATCH-225842017-06 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4022726)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234