HTTP: Microsoft Graphics Component CVE-2018-8472 Information Disclosure
An information disclosure vulnerability exists in the GDI components of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted document, or webpage. Successful exploitation could result in the disclosure of information that can be used to circumvent Address Space Layout Randomization (ASLR) in Windows.
Extended Description
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Affected Products
Microsoft windows_server_2016
References
CVE: CVE-2018-8472
Short Name
HTTP:STC:DL:GDI-WMF-ID
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-8472 Component Disclosure Graphics Information Microsoft
Release Date
12/05/2018
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Microsoft
CVSS Score
2.1