Endpoint Vulnerability

Windows GDI+ Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

Affected Products

Microsoft Live Meeting 2007 Add-in,Microsoft Live Meeting 2007 Console,Microsoft Lync 2010 (32-bit),Microsoft Lync 2010 (64-bit),Microsoft Lync 2010 Attendee (admin level install),Microsoft Lync 2010 Attendee (user level install),Microsoft Lync 2013 Service Pack 1 (32-bit),Microsoft Lync 2013 Service Pack 1 (64-bit),Microsoft Lync Basic 2013 Service Pack 1 (32-bit),Microsoft Lync Basic 2013 Service Pack 1 (64-bit)

References

CVE-2017-8676,