Microsoft Windows Information Disclosure Vulnerability - CVE-2017-11927ID: oval:org.secpod.oval:def:43168 | Date: (C)2017-12-13 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to disclose the corresponding hash password. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |