Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8682: Win32k Graphics Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-8682: Win32k Graphics Remote Code Execution Vulnerability

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
09/12/2017
Created
07/25/2018
Added
09/12/2017
Modified
09/11/2024

Description

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.

Solution(s)

  • microsoft-windows-windows_10-1507-kb4038781
  • microsoft-windows-windows_10-1511-kb4038783
  • microsoft-windows-windows_10-1607-kb4038782
  • microsoft-windows-windows_10-1703-kb4038788
  • microsoft-windows-windows_server_2012-kb4038786
  • microsoft-windows-windows_server_2012_r2-kb4038793
  • microsoft-windows-windows_server_2016-1607-kb4038782
  • msft-kb3213638-dfdbbd55-fdc3-47ad-8570-c68aaf946fe9
  • msft-kb3213638-f242d798-dc9f-48ed-b493-f033a4999345
  • msft-kb3213641-d0955758-bb02-4421-bd68-9c1819c98c29
  • msft-kb4011134-bf3b0d7f-f1d9-487c-93ab-624e982ea6ab
  • msft-kb4038779-1070c9d0-e91b-4bc4-b7b9-a64dd8e76951
  • msft-kb4038779-1f7d6ab2-b81a-4f48-859a-706a9990c78c
  • msft-kb4038779-3de7a78a-5b97-4df7-8bf6-36ebe20d3c75
  • msft-kb4038779-530b9069-0208-4eef-add4-da2b473e9ef8
  • msft-kb4038779-bb0be51a-f352-4d5f-b522-7d85d6e18585
  • msft-kb4038779-fcccb9ba-857f-484e-83be-fd0685a31efb
  • msft-kb4038786-2ac4d3a4-287f-4f33-bb61-b7b81245f55b
  • msft-kb4038786-793b7e3e-090e-472e-b275-b520b5832a77
  • msft-kb4038793-8c3d7238-564c-4ed3-ae6f-e3d9881f6f5f
  • msft-kb4038793-d97e9753-f904-44d9-87a2-35cbf248aef4
  • msft-kb4039384-01fdbbba-0a44-4250-947b-23500f80be96
  • msft-kb4039384-2ce7ed93-2244-43ed-afb7-f92c0122c5a8
  • msft-kb4039384-a616b2f4-a421-48cb-ab7c-eeb73f9ec042
  • msft-kb4039384-e2695aa7-d9ac-4fc4-b8c5-8dbb3c972a43

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;