4.7
CVE-2017-0058
- EPSS 16.49%
- Veröffentlicht 12.04.2017 14:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginA Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 Version1511
Microsoft ≫ Windows 10 Version1607
Microsoft ≫ Windows 10 Version1703
Microsoft ≫ Windows Server 2008 Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Vista Updatesp2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.49% | 0.946 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.