5.5

CVE-2017-0060

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftLive Meeting Version2007
MicrosoftLync Version2010
MicrosoftLync Version2010 SwEditionattendee
MicrosoftLync Version2013 Updatesp1
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftSkype For Business Version2016
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1511
MicrosoftWindows 10 Version1607
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
MicrosoftWindows Vista Version- Updatesp2
MicrosoftWindows Vista Version- Updatesp2 HwPlatformx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.11% 0.863
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securitytracker.com/id/1038002
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/96713
Third Party Advisory
Broken Link
VDB Entry
https://www.exploit-db.com/exploits/41656/
Third Party Advisory
VDB Entry