EUVD-2017-17635

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Windows GDI+ on multiple Windows versions allows information disclosure of kernel memory addresses.

Reporter	Title	Published	Views	Family All 41
CNVD	Microsoft Windows GDI+ Information Disclosure Vulnerability (CNVD-2017-33469)	13 Sep 201700:00	–	cnvd
CVE	CVE-2017-8688	13 Sep 201701:00	–	cve
Cvelist	CVE-2017-8688	13 Sep 201701:00	–	cvelist
Microsoft KB	September 12, 2017—KB4038777 (Monthly Rollup)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038779 (Security-only update)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038781 (OS Build 10240.17609)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038782 (OS Build 14393.1715)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038783 (OS Build 10586.1106)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038786 (Security-only update)	12 Sep 201707:00	–	mskb
Microsoft KB	September 12, 2017—KB4038788 (OS Build 15063.608)	12 Sep 201707:00	–	mskb

[
  {
    "enisaIdVendor": [
      {
        "id": "fe88e238-d55f-3293-8af3-9509f13ccdb6",
        "vendor": {
          "name": "Microsoft Corporation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b27dd21f-9399-3f09-9259-c0bd2ba03961",
        "product": {
          "name": "Windows GDI+"
        },
        "product_version": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/100756
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8688
securitytracker	www.securitytracker.com/id/1039338
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.8Medium risk

Vulners AI Score6.8

CVSS 35.5

CVSS 22.1

EPSS0.06191