OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
CVSS base score 4.7 CVSS impact score 3.6 CVSS exploitability score 1.0 confidentialityImpact HIGH integrityImpact NONE availabilityImpact NONE
CVE-2017-0220:
CVSS base score 4.7
CVSS impact score 3.6
CVSS exploitability score 1.0
Confidentiality Impact HIGH
Integrity Impact NONE
Availability Impact NONE
CVE-2017-0220: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
CVE-2017-0220:
Access Vector
Access Complexity
Authentication
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.