Lucene search

[email protected]NVD:CVE-2017-0073

HistoryMar 17, 2017 - 12:59 a.m.

CVE-2017-0073

2017-03-1700:59:01

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.1

Confidence

High

EPSS

0.058

Percentile

93.4%

JSON

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Windows GDI+ Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

Affected configurations

Nvd

Node

microsoftlive_meetingMatch2007

microsoftlyncMatch2010

microsoftlyncMatch2010attendee

microsoftlyncMatch2013sp1

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp2

microsoftoffice_word_viewerMatch-

microsoftskype_for_businessMatch2016

microsoftskype_for_business_basicMatch2016

microsoftwindows_10Match-

microsoftwindows_10Match1511

microsoftwindows_10Match1607

microsoftwindows_7Match-sp1

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

microsoftwindows_vistaMatch-sp2

microsoftwindows_vistaMatch-sp2x64

VendorProductVersionCPE
microsoftlive_meeting2007cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*
microsoftlync2010cpe:2.3:a:microsoft:lync:2010:*:*:*:attendee:*:*:*
microsoftlync2013cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice_word_viewer-cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
microsoftskype_for_business2016cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
microsoftskype_for_business_basic2016cpe:2.3:a:microsoft:skype_for_business_basic:2016:*:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	live_meeting	2007	cpe:2.3:a:microsoft:live_meeting:2007:::::::*
microsoft	lync	2010	cpe:2.3:a:microsoft:lync:2010:::::::*
microsoft	lync	2010	cpe:2.3:a:microsoft:lync:2010::::attendee:::
microsoft	lync	2013	cpe:2.3:a:microsoft:lync:2013:sp1::::::
microsoft	office	2007	cpe:2.3:a:microsoft:office:2007:sp3::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office_word_viewer	-	cpe:2.3:a:microsoft:office_word_viewer:-:::::::*
microsoft	skype_for_business	2016	cpe:2.3:a:microsoft:skype_for_business:2016:::::::*
microsoft	skype_for_business_basic	2016	cpe:2.3:a:microsoft:skype_for_business_basic:2016:::::::*
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*