CVE-2017-11850
low
CVSS v3
2.5
CVSS v2
1.9
VIR risk
2.5
Description
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
Predictions
Exploit likelihood
27%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | affected | |
| windows | 1511 | affected | |
| windows | 1607 | affected | |
| windows | 1703 | affected | |
| windows | 1709 | affected | |
| windows | affected | | |
| windows | r2 | affected | |
References
- http://www.securityfocus.com/bid/101738
- http://www.securitytracker.com/id/1039782
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850
- http://www.securityfocus.com/bid/101738
- http://www.securitytracker.com/id/1039782
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.