CVE-2017-8687 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-8687 PUBLISHED CVSS 5.5 MEDIUM

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.

EPSS 22.73% · 95.8th percentile

Risk Scores

CVSS v3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

22.73%

95.8th percentile

Affected Products

Vendor	Product	Versions
microsoft	windows_rt_8.1
microsoft	windows_8.1
microsoft	windows_10	1511, 1607, 1703
microsoft	windows_7
microsoft	windows_server_2012	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2016
Microsoft Corporation	Windows kernel	Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Timeline

Sep 13, 2017 CVE Published
Sep 18, 2017 PoC Published
Sep 18, 2017 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Jan 2, 2023 EPSS Score

References

https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/ advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687 url
100736 vdb
42749 exploit
1039325 vdb
https://nvd.nist.gov/vuln/detail/CVE-2017-8687 advisory
https://www.exploit-db.com/exploits/42749 url

Open in Interactive Console →