Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-11785: Windows Kernel Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2017-11785: Windows Kernel Information Disclosure Vulnerability

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
10/10/2017
Created
07/25/2018
Added
10/10/2017
Modified
11/18/2021

Description

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Solution(s)

  • msft-kb4041671-4d038e22-5ae0-452b-bece-3b2e2e7f73fc
  • msft-kb4041671-9f487825-2011-45cf-a23d-29fe8bbb7184
  • msft-kb4041671-f8073306-72fb-4c32-babc-67a8b19d4ac0
  • msft-kb4041676-1ff2737c-1aff-4e62-b1c6-9cfef29526a8
  • msft-kb4041676-b16fea38-0350-4f91-84a8-7eb01c1eb034
  • msft-kb4041678-45ea4c02-1f47-4865-a9a8-e3e12a123abd
  • msft-kb4041678-542b51ca-2e40-4c7c-b1f6-113dd3ad3fc2
  • msft-kb4041678-ab110ea9-218e-41f7-b51b-af6fba0a726f
  • msft-kb4041678-abc11d4b-adbb-47e6-af90-b9864891d46c
  • msft-kb4041678-cea9a334-2c33-4b56-ba35-b5a1b89793b2
  • msft-kb4041678-eb5e144d-d861-46b4-9fc4-251917ea63ad
  • msft-kb4041679-4340967a-c8b8-4200-92b4-aea2b1235e6d
  • msft-kb4041679-4aa7d02c-1328-4f53-b136-faf79e2475c8
  • msft-kb4041679-72b1b537-615d-4b25-b7e7-34350dcd0aab
  • msft-kb4041687-092e7af4-3dd9-4daf-b99f-27b776380751
  • msft-kb4041687-92b0c4d3-a90b-4879-ba50-5542e1183baf
  • msft-kb4041687-e36e24fc-789e-483f-bb72-01a3ec3eea74
  • msft-kb4041689-8ff2f636-c756-4a18-9b8c-2e961960a229
  • msft-kb4041689-c6c38d0b-3125-4a5a-bf3a-31cfc45fb07e
  • msft-kb4041691-27ba94ef-c1b7-4cd7-b091-7f818dee7983
  • msft-kb4041691-3f057cc9-5e08-431f-bbbe-32144c35e95e
  • msft-kb4041691-4006f198-f0ed-47b5-accc-284bdf382724
  • msft-kb4042895-6a029367-c557-48a9-b3e6-50d8904c370d
  • msft-kb4042895-d1a447dc-99ec-4b48-ab98-508c89ae01ee

References

View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;