CVE-2017-0073

CVE Database · CVE-2017-0073

CVE-2017-0073

· MEDIUMModified

CVSS v3.1

4.3

EPSS

33.36%

Published

Mar 16, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (23)

microsoft · live_meetingvulnerable

microsoft · lyncvulnerable

microsoft · officevulnerable

microsoft · office_word_viewervulnerable

microsoft · skype_for_businessvulnerable

microsoft · skype_for_business_basicvulnerable

microsoft · windows_10vulnerable