CVE-2017-8475
Description
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka Win32k Information Disclosure Vulnerability. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.
Risk Information
Base Score
4.6
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
2.617
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4022714) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x86-based Systems (KB4022714) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4022727) - Cumulative | Windows |
| for Windows 10 Version 1703 for x64-based Systems (KB4022725) - Cumulative | Windows |
| for Windows 10 Version 1703 for x64-based Systems (KB4022725) - Delta | Windows |
| for Windows 10 Version 1703 for x86-based Systems (KB4022725) - Cumulative | Windows |
| for Windows 10 Version 1703 for x86-based Systems (KB4022725) - Delta | Windows |
| Windows Kernel Information Disclosure Vulnerability for Windows Server 2008 for x64-based Systems (KB4022887) | Windows |
| Windows Kernel Information Disclosure Vulnerability for Windows Server 2008 (KB4022887) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022717) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x64-based Systems (KB4022717) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x86-based Systems (KB4022717) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022726) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4022726) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4022726) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2012 for x64-based Systems (KB4022718) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 for x64-based Systems (KB4022724) - Petya ransomware attack (CVE-2017-0199) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-22673 | Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4022714) |
| PATCH-22672 | Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4022714) |
| PATCH-22676 | Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022715) |
| PATCH-22675 | Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715) |
| PATCH-22704 | 2017-06 Delta Update for Windows Server 2016 for x64-based Systems (KB4022715) |
| PATCH-22680 | 2017-06 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4022715) |
| PATCH-22674 | Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022715) |
| PATCH-22679 | 2017-06 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4022715) |
| PATCH-22671 | Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4022727) |
| PATCH-22577 | Security Update for Windows Server 2008 for x64-based Systems (KB4022887) |
| PATCH-22576 | Security Update for Windows Server 2008 (KB4022887) |
| PATCH-22580 | 2017-06 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22579 | 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22578 | 2017-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22583 | 2017-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4022722) |
| PATCH-22582 | 2017-06 Security Only Quality Update for Windows 7 for x64-based Systems (KB4022722) |
| PATCH-22581 | 2017-06 Security Only Quality Update for Windows 7 for x86-based Systems (KB4022722) |
| PATCH-22589 | 2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717) |
| PATCH-22588 | 2017-06 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4022717) |
| PATCH-22587 | 2017-06 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4022717) |
| PATCH-22586 | 2017-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4022726) |
| PATCH-22585 | 2017-06 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4022726) |
| PATCH-22584 | 2017-06 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4022726) |
| PATCH-22591 | 2017-06 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4022718) |
| PATCH-22590 | 2017-06 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4022724) - Petya ransomware attack (CVE-2017-0199) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234