CVE-2017-0167

MEDIUM

Windows Kernel Memory Handling Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0167. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates an information leak vulnerability in Windows 10 (CVE-2017-0167) by hooking the user32!fnINLPUAHDRAWMENUITEM callback to disclose uninitialized kernel stack memory, which can be used to bypass kASLR.

Description

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · c++doswindows

https://www.exploit-db.com/exploits/41880

View Code ZIP pw:eip

This exploit demonstrates an information leak vulnerability in Windows 10 (CVE-2017-0167) by hooking the user32!fnINLPUAHDRAWMENUITEM callback to disclose uninitialized kernel stack memory, which can be used to bypass kASLR.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 10 (32-bit, version 1607)

No auth needed

Prerequisites: Local access to a vulnerable Windows 10 system

MITRE ATT&CK

T1082 - System Information Discovery T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97473

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41880/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038239

Scores

CVSS v3 5.5

EPSS 0.0979

EPSS Percentile 93.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (9)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

Microsoft Corporation/Windows Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016

Published Apr 12, 2017

Tracked Since Feb 18, 2026