Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-100782
HistorySep 12, 2017 - 12:00 a.m.

Microsoft Windows GDI+ Component CVE-2017-8684 Local Information Disclosure Vulnerability

2017-09-1200:00:00
Symantec Security Response
www.symantec.com
15

0.001 Low

EPSS

Percentile

47.3%

JSON

Description

Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Technologies Affected

  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.

Updates are available. Please see the references or vendor advisory for more information.

Related

zdt 1
mscve 1
prion 3
cve 3
googleprojectzero 1
mskb 7
openvas 4
nessus 4
kaspersky 2
talosblog 1
trendmicroblog 1
zdt
zdt
Microsoft Windows Kernel - win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure Exploit
2017-09-18 00:00:00
mscve
mscve
Windows GDI+ Information Disclosure Vulnerability
2017-09-12 07:00:00
prion
prion
Information disclosure
2017-09-13 01:29:00
Information disclosure
2017-09-13 01:29:00
Information disclosure
2017-09-13 01:29:00
cve
cve
CVE-2017-8684
2017-09-13 01:29:00
CVE-2017-8685
2017-09-13 01:29:00
CVE-2017-8688
2017-09-13 01:29:00
googleprojectzero
googleprojectzero
Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs
2017-10-05 00:00:00
mskb
mskb
Security update for the Windows Uniscribe vulnerabilities in Windows Server 2008: September 12, 2017
2017-09-12 07:00:00
September 12, 2017—KB4038779 (Security-only update)
2017-09-12 07:00:00
September 12, 2017—KB4038786 (Security-only update)
2017-09-12 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4039384)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4038777)
2017-09-13 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4038799)
2017-09-13 00:00:00
nessus
nessus
Windows 2008 September 2017 Multiple Security Updates
2017-09-12 00:00:00
Windows Server 2012 September 2017 Security Updates
2017-09-12 00:00:00
Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
2017-09-12 00:00:00
kaspersky
kaspersky
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
2017-09-12 00:00:00
KLA11099 Multiple vulnerabilities in Microsoft Windows
2017-09-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
2017-09-15 14:59:53

0.001 Low

EPSS

Percentile

47.3%

JSON
Related for SMNTC-100782
zdt1mscve1prion3cve3googleprojectzero1mskb7openvas4nessus4kaspersky2talosblog1trendmicroblog1