CVE-2017-8676

2017-09-13 03:29:09 2017-09-21 20:26:14

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Microsoft Office 2011 Mac Microsoft Office 2010 Sp2 (not an official CPE) Microsoft Lync 2013 Sp1 (not an official CPE) Microsoft Lync 2010 Attendee client Microsoft Office word viewer - (not an official CPE) Microsoft Office 2016 Mac (not an official CPE) Microsoft Office 2007 Sp3 (not an official CPE) Microsoft Live meeting 2007 (not an official CPE) Microsoft Skype for business 2016 (not an official CPE) Microsoft Lync 2010 (not an official CPE)

Microsoft - Windows rt 8.1 Microsoft - Windows 10 Microsoft - Windows 8.1 Microsoft - Windows server 2012 Microsoft - Windows server 2008 Microsoft - Office Microsoft - Office 2010 Microsoft - Lync Microsoft - Office word viewer Microsoft - Office 2007 Microsoft - Windows 7 Microsoft - Windows server 2016 Microsoft - Live meeting Microsoft - Skype for business

Advisory	Patch	Confirmed	Link
			https://portal.msrc.microsoft.com/en-US/security-guidanc...
			100755
			1039333

CVE-2017-8676

2017-09-13 03:29:09 2017-09-21 20:26:14

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Information Exposure (ID 200)