CVE-2017-8676

Summary

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationWindows Graphics Device Interface (GDI)Microsoft Windows Server 2008 SP2 and R2 SP1affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Windows 7 SP1affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Windows 8.1affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Windows Server 2012 Gold and R2affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Windows RT 8.1affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Windows 10 Gold, 1511, 1607, 1703, and Server 2016affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Office 2007 SP3affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Office 2010 SP2affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Word Vieweraffected
Microsoft CorporationWindows Graphics Device Interface (GDI)Office for Mac 2011 and 2016affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Skype for Business 2016affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Lync 2013 SP1affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Lync 2010affected
Microsoft CorporationWindows Graphics Device Interface (GDI)Lync 2010 Attendeeaffected
Microsoft CorporationWindows Graphics Device Interface (GDI)Live Meeting 2007 Add-in and Consoleaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References