Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
1.9
CVSSv2

CVE-2017-8488

Published: 15/06/2017 Updated: 18/03/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 5 | Impact Score: 3.6 | Exploitability Score: 1.3
VMScore: 195
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated malicious user to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows 7 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 -

microsoft windows server 2012 -

Exploits

Exploit DB: Microsoft Windows - 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
/* Source: bugschromiumorg/p/project-zero/issues/detail?id=1150&desc=2 We have discovered that the handler of the IOCTL_MOUNTMGR_QUERY_POINTS IOCTL in mountmgrsys discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes On our test Windows 7 32-bit workstation, an example layout ...

References

CWE-200https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8488http://www.securityfocus.com/bid/98864https://www.exploit-db.com/exploits/42212/https://nvd.nist.govhttps://www.exploit-db.com/exploits/42212/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook