Microsoft Search Information Disclosure Vulnerability - CVE-2017-11772ID: oval:org.secpod.oval:def:42324 | Date: (C)2017-10-11 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. Additionally, in an enterprise scenario, a remote unauthenticated attacker could trigger the vulnerability through an SMB connection. The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |