1. Home
  2. CVE Database
  3. CVE-2017-8680
MEDIUM · 5.5

CVE-2017-8680

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerabi...

Vulnerability Description

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftWindows 7-
MicrosoftWindows 8.1-
MicrosoftWindows Rt 8.1-
MicrosoftWindows Server 2008-
MicrosoftWindows Server 2012-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2017-8680?

CVE-2017-8680 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerabi...

How severe is CVE-2017-8680?

CVE-2017-8680 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8680?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows Rt 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2012.