CVE-2017-8475

MEDIUM

Microsoft Windows 10 - Information Disclosure

Title source: rule

Description

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98853

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038659

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8475

Scores

CVSS v3 5.0

EPSS 0.0262

EPSS Percentile 85.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (14)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

... and 4 more

Published Jun 15, 2017

Tracked Since Feb 18, 2026