The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
2017-03-17T00:59:01.917
2025-04-20T01:37:25.860
Deferred
CVSSv3.1: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:N/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | microsoft | live_meeting | 2007 | Yes |
| Application | microsoft | lync | 2010 | Yes |
| Application | microsoft | lync | 2010 | Yes |
| Application | microsoft | lync | 2013 | Yes |
| Application | microsoft | office | 2007 | Yes |
| Application | microsoft | office | 2010 | Yes |
| Application | microsoft | office_word_viewer | - | Yes |
| Application | microsoft | skype_for_business | 2016 | Yes |
| Application | microsoft | skype_for_business_basic | 2016 | Yes |
| Operating System | microsoft | windows_10 | - | Yes |
| Operating System | microsoft | windows_10 | 1511 | Yes |
| Operating System | microsoft | windows_10 | 1607 | Yes |
| Operating System | microsoft | windows_7 | - | Yes |
| Operating System | microsoft | windows_8.1 | - | Yes |
| Operating System | microsoft | windows_rt_8.1 | - | Yes |
| Operating System | microsoft | windows_server_2008 | - | Yes |
| Operating System | microsoft | windows_server_2008 | r2 | Yes |
| Operating System | microsoft | windows_server_2008 | r2 | Yes |
| Operating System | microsoft | windows_server_2012 | - | Yes |
| Operating System | microsoft | windows_server_2012 | r2 | Yes |
| Operating System | microsoft | windows_server_2016 | - | Yes |
| Operating System | microsoft | windows_vista | - | Yes |
| Operating System | microsoft | windows_vista | - | Yes |