HTTP: Microsoft Windows API CVE-2018-8565 Information Disclosure
An information disclosure vulnerability exists in API SetWindowPos that discloses portions of uninitialized pool memory to user-mode clients. Attackers can use this issue for Info disclosure.
Extended Description
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Affected Products
Microsoft windows_server_2016
References
CVE: CVE-2018-8565
Short Name
HTTP:STC:CVE-2018-8565-ID
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
API CVE-2018-8565 Disclosure Information Microsoft Windows
Release Date
11/13/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.1