CVE-2017-8685
Last modified
CVE-2017-8685 is a vulnerability of currently unknown severity. Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.. EPSS estimates a 3.04% chance of exploitation in the next 30 days.
Description
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows 7 | All versions | Sp1 |
| Microsoft | Windows Server 2008 | All versions | Sp2 |
| Microsoft | Windows Server 2008 | r2 | Sp1 |
References
- http://www.securityfocus.com/bid/100724Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039338Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685Patch, Vendor Advisory
- https://www.exploit-db.com/exploits/42748/Exploit, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/100724Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1039338Third Party Advisory, VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685Patch, Vendor Advisory
- https://www.exploit-db.com/exploits/42748/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8685?
How severe is CVE-2017-8685?
How do I fix CVE-2017-8685?
Are you affected by CVE-2017-8685?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST