CVE-2017-0167 : An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, W

An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."

Published 2017-04-12 14:59:01

Updated 2017-08-16 01:29:14

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2017-0167

Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-0167

EPSS FAQ

11.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0167

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2017-0167

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0167

http://www.securitytracker.com/id/1038239

Windows Kernel Bugs Let Remote Authenticated Users Deny Service and Local Users Obtain Potentially Sensitive Information and Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167

CVE-2017-0167 | Windows Kernel Information Disclosure Vulnerability
Patch;Vendor Advisory
http://www.securityfocus.com/bid/97473

Microsoft Windows Kernel CVE-2017-0167 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/41880/

Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure

Jump to

Vulnerability Details : CVE-2017-0167

Products affected by CVE-2017-0167

Exploit prediction scoring system (EPSS) score for CVE-2017-0167

CVSS scores for CVE-2017-0167

CWE ids for CVE-2017-0167

References for CVE-2017-0167