Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8676: Windows GDI+ Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-8676: Windows GDI+ Information Disclosure Vulnerability

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
09/12/2017
Created
07/25/2018
Added
09/12/2017
Modified
06/10/2024

Description

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."

Solution(s)

  • microsoft-windows-windows_10-1507-kb4038781
  • microsoft-windows-windows_10-1511-kb4038783
  • microsoft-windows-windows_10-1607-kb4038782
  • microsoft-windows-windows_10-1703-kb4038788
  • msft-kb3213638-dfdbbd55-fdc3-47ad-8570-c68aaf946fe9
  • msft-kb3213638-f242d798-dc9f-48ed-b493-f033a4999345
  • msft-kb3213641-d0955758-bb02-4421-bd68-9c1819c98c29
  • msft-kb4011107-00ad99ce-edc3-4a7a-924f-537f2ffcbe76
  • msft-kb4011107-7f41e080-1a96-4fb6-bf7c-dcbf07343e6b
  • msft-kb4011134-bf3b0d7f-f1d9-487c-93ab-624e982ea6ab
  • msft-kb4025865-215c87d1-956c-450b-9102-264e9c4f10af
  • msft-kb4025865-26ee1609-086b-47b2-ab8c-8903f01fac2a
  • msft-kb4025866-22f9cca3-1c65-4e58-9549-575c3056a84c
  • msft-kb4038779-1070c9d0-e91b-4bc4-b7b9-a64dd8e76951
  • msft-kb4038779-1f7d6ab2-b81a-4f48-859a-706a9990c78c
  • msft-kb4038779-3de7a78a-5b97-4df7-8bf6-36ebe20d3c75
  • msft-kb4038779-530b9069-0208-4eef-add4-da2b473e9ef8
  • msft-kb4038779-bb0be51a-f352-4d5f-b522-7d85d6e18585
  • msft-kb4038779-fcccb9ba-857f-484e-83be-fd0685a31efb
  • msft-kb4038782-e895239d-88ad-4ac3-b68f-8abb6b489d19
  • msft-kb4038786-2ac4d3a4-287f-4f33-bb61-b7b81245f55b
  • msft-kb4038786-6c356cec-ee0d-458a-9561-daba4b9d324a
  • msft-kb4038786-793b7e3e-090e-472e-b275-b520b5832a77
  • msft-kb4038793-8c3d7238-564c-4ed3-ae6f-e3d9881f6f5f
  • msft-kb4038793-9516efa8-6493-43de-979c-ebf2aa89aa69
  • msft-kb4038793-d97e9753-f904-44d9-87a2-35cbf248aef4
  • msft-kb4039384-01fdbbba-0a44-4250-947b-23500f80be96
  • msft-kb4039384-2ce7ed93-2244-43ed-afb7-f92c0122c5a8
  • msft-kb4039384-a616b2f4-a421-48cb-ab7c-eeb73f9ec042
  • msft-kb4039384-e2695aa7-d9ac-4fc4-b8c5-8dbb3c972a43

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;