ID CVE-2017-0077
Summary The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 98114
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0077
sectrack 1038454
vulnerable_product via4
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 12-05-2017 - 14:29
Back to Top