Vulnerability & Exploit Database

Microsoft CVE-2017-11927: Microsoft Windows Information Disclosure Vulnerability

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: December 11, 2017
Added: December 11, 2017
Modified: January 01, 2018

Description

An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could then attempt a brute-force attack to recover the password corresponding to that hash. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.

References

Solution

msft-kb4053473-10f92069-f9c1-4b1c-83d5-21b6a0d6ff81