CVE-2017-8473

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.

References

http://www.securityfocus.com/bid/98852

http://www.securitytracker.com/id/1038659

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8473

https://www.exploit-db.com/exploits/42226/

Details

Source: MITRE

Published: 2017-06-15

Updated: 2019-03-18

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.3

Severity: MEDIUM

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
100786Windows 2008 June 2017 Multiple Security UpdatesNessusWindows : Microsoft Bulletins
critical
100765KB4022727: Windows 10 Version 1507 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical
100764Windows 8.1 and Windows Server 2012 R2 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100762Windows Server 2012 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100761Windows 7 and Windows Server 2008 R2 June 2017 Security UpdatesNessusWindows : Microsoft Bulletins
critical
100760KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical
100759KB4022714: Windows 10 Version 1511 June 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
critical