CVE-2017-11831

MEDIUM

Windows kernel - Information Disclosure via Memory Initialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11831. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates an information leak vulnerability in Windows 10 via the nt!NtQueryDirectoryFile system call, which discloses uninitialized kernel pool memory to user-mode clients. The PoC triggers the vulnerability by querying directory information for a specific file (e.g., explorer.exe) and prints the leaked memory contents.

Description

Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · c++doswindows

https://www.exploit-db.com/exploits/43165

View Code ZIP pw:eip

This exploit demonstrates an information leak vulnerability in Windows 10 via the nt!NtQueryDirectoryFile system call, which discloses uninitialized kernel pool memory to user-mode clients. The PoC triggers the vulnerability by querying directory information for a specific file (e.g., explorer.exe) and prints the leaked memory contents.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 10 (luafv.sys)

Auth required

Prerequisites: Local access to the target system · Ability to execute arbitrary code on the target system

MITRE ATT&CK

T1003 - OS Credential Dumping T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43165/

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11831

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039782

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/101721

Scores

CVSS v3 4.7

EPSS 0.0297

EPSS Percentile 86.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (15)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server 1709

microsoft/windows_server_2008

... and 5 more

Published Nov 15, 2017

Tracked Since Feb 18, 2026