OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
CVSS base score 4.7
CVSS impact score 3.6
CVSS exploitability score 1.0
- microsoft windows_7 *
- microsoft windowsserver2008 *
- microsoft windowsserver2008 r2
- microsoft windowsserver2012 -
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.