#VU7034 Information disclosure in Windows and Windows Server - CVE-2017-8490
Published: June 13, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU7034
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-8490
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to improper initialization of objects in memory by the Windows kernel. A local attacker can run a specially crafted application and obtain information to perform further attacks.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to improper initialization of objects in memory by the Windows kernel. A local attacker can run a specially crafted application and obtain information to perform further attacks.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Install update from vendor's website.