CVE-2017-8687 — Vulnetix

CVE-2017-8687 PUBLISHED CVSS 5.5 MEDIUM

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.

EPSS 22.73% · 96.0th percentile

Risk Scores

CVSS 3.0

5.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

22.73%

96.0th percentile

Affected Products

Vendor	Product	Versions
microsoft	windows_rt_8.1
microsoft	windows_8.1
microsoft	windows_10	1703, 1607, 1511
microsoft	windows_7
microsoft	windows_server_2012	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2016
Microsoft Corporation	Windows kernel	*

Exploit Intelligence

https://www.exploit-db.com/exploits/42749/ (nist-nvd)
CIRCL exploited: CVE-2017-8687 (circl-sighting)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687 (circl)
100736 (circl)
1039325 (circl)
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure Exploit (0day-today)
Microsoft Windows Kernel - win32k!NtGdiDoBanding Stack Memory Disclosure Exploit (0day-today)

Timeline

Sep 13, 2017 CVE Published
Sep 18, 2017 PoC Published
Sep 18, 2017 PoC Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score

References

https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/ advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687 url
100736 vdb
42749 exploit
1039325 vdb
https://nvd.nist.gov/vuln/detail/CVE-2017-8687 advisory
https://www.exploit-db.com/exploits/42749 url

Open in Interactive Console →