Vulnerability Manager Plus

Windows GDI Information Disclosure Vulnerability for Windows Vista for x64-based Systems (KB4017018)

Risk Information

Base Score

4.5

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

EPSS Score

Exploitation Probability

80.464%

CVE Information

Source CVE
CVE-2017-0038

Associated CVE
CVE-2017-0038

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
22337

Patch Description
Update for Windows Vista for x64-based Systems (KB4017018)

References

http://www.securityfocus.com/bid/96023
http://www.securitytracker.com/id/1037845
https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2017-0038
https://www.exploit-db.com/exploits/41363/