Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0038: Windows GDI Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0038: Windows GDI Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

03/14/2017

Created

07/25/2018

Added

03/14/2017

Modified

02/16/2023

Description

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Solution(s)

msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
msft-kb4012214-1949e6d5-95b0-4e90-acfb-73c9d295fbbf
msft-kb4012214-57dbd57f-89b2-4abb-8582-14fc17870bb8
msft-kb4012214-b4d71d8b-1f2d-4958-ad08-e379293d71e8
msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c
msft-kb4017018-48ae8420-32a4-4c6c-a78e-4af1b879865d
msft-kb4017018-4acb7e5d-a1b0-43b2-9fd6-0b248a2af613
msft-kb4017018-5cb42753-dd56-4e21-a9ad-e65bcc551752
msft-kb4017018-60a3cf59-dec7-4757-9015-1b30f166dcee
msft-kb4017018-c9a4d555-0ded-48b2-8595-72114fac8e3d
msft-kb4017018-cac0b0e7-abbe-4ce8-b6f5-a4a884939899

References

https://attackerkb.com/topics/cve-2017-0038
CVE - 2017-0038
4012212
4012213
4012214
4012215
4012216
4012217
4012606
4013198
4013429
4017018
MS17-006
MS17-008

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0038: Windows GDI Information Disclosure Vulnerability

Microsoft CVE-2017-0038: Windows GDI Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.