CVE-2017-11927

EUVD-2017-3513
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
*
microsoftwindows_rt_8.1
*
microsoftwindows_server_2008
-
microsoftwindows_server_2012
*
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4103716
1511 (x64, x86)
KB4053578
1607 (x64, x86)
KB4103723
1703 (x64, x86)
KB4103731
1709 (x64, x86)
KB4103727
Windows 7
Service Pack 1 (x64, x86)
KB4103718
Windows 8.1
(x64, x86)
KB4103725
Windows RT 8.1
All
KB4103725
Windows Server
1709 Server Core
KB4103727
Windows Server 2008
Service Pack 2 (x64, x86)
KB4130957
Service Pack 2 Server Core (x64, x86)
KB4130957
Windows Server 2008 R2
Service Pack 1 (x64)
KB4103718
Service Pack 1 Server Core (x64)
KB4103718
Windows Server 2012
Server Core
KB4103730
Standard
KB4103730
Windows Server 2012 R2
Server Core
KB4103725
Standard
KB4103725
Windows Server 2016
Server Core
KB4103723
Standard
KB4103723
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102095
http://www.securitytracker.com/id/1039997
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927
http://www.securityfocus.com/bid/102095
http://www.securitytracker.com/id/1039997
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927