CVE-2017-8678 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-8678 PUBLISHED CVSS 2.0999999046325684 LOW

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.

EPSS 20.35% · 95.5th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

20.35%

95.5th percentile

Affected Products

Vendor	Product	Versions
microsoft	windows_rt_8.1
microsoft	windows_server_2016
microsoft	windows_7
Microsoft Corporation	Windows kernel	Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
microsoft	windows_server_2012	r2
microsoft	windows_server_2008	r2
microsoft	windows_10	1703, 1607, 1511
microsoft	windows_8.1

Timeline

Sep 13, 2017 CVE Published
Sep 18, 2017 PoC Published
Sep 18, 2017 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/ advisory
42750 exploit
100769 vdb
1039325 vdb
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678 url
https://nvd.nist.gov/vuln/detail/CVE-2017-8678 advisory
https://www.exploit-db.com/exploits/42750 url

Open in Interactive Console →