CVE-2017-8680

MEDIUM

Microsoft Windows 7 - Information Disclosure

Title source: rule

Description

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · c++doswindows

https://www.exploit-db.com/exploits/42741

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100722

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039338

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42741/

Scores

CVSS v3 5.5

EPSS 0.2690

EPSS Percentile 96.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (8)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Microsoft Corporation/Windows kernel Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold a

Published Sep 13, 2017

Tracked Since Feb 18, 2026