CVE-2017-11853 (CNNVD-201711-515)
中文标题:
Microsoft Windows kernel 信息泄露漏洞
英文标题:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server ...
漏洞描述
中文描述:
Microsoft Windows 7 SP1等都是美国微软(Microsoft)公司的产品。Microsoft Windows 7 SP1是一套供个人电脑使用的操作系统;Windows Server 2008 SP2是一套服务器操作系统。kernel是使用在其中的一个内核。 Microsoft Windows中的kernel存在信息泄露漏洞,该漏洞源于程序没有正确的初始化内存地址。本地攻击者可通过登录到受影响的系统并运行特制的应用程序利用该漏洞获取信息。以下版本受到影响:Microsoft Windows 7 SP1,Windows Server 2008 SP2和R2 SP1, Windows 8.1,Windows RT 8.1,Windows Server 2012和 R2,Windows Server 2016,Windows Server版本1709。
英文描述:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Microsoft Corporation | Windows kernel | Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709. | - | - |
cpe:2.3:a:microsoft_corporation:windows_kernel:windows_7_sp1,_windows_server_2008_sp2_and_r2_sp1,_windows_8.1_and_rt_8.1,_server_2012_and_r2,_windows_10_gold,_1511,_1607,_1703,_and_1709,_windows_server_2016,_and_windows_server,_version_1709.:*:*:*:*:*:*:*
|
| microsoft | windows_10 | * | - | - |
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1511 | - | - |
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1607 | - | - |
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1703 | - | - |
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1709 | - | - |
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
|
| microsoft | windows_7 | * | - | - |
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
|
| microsoft | windows_8.1 | * | - | - |
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
|
| microsoft | windows_rt_8.1 | * | - | - |
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | * | - | - |
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
|
| microsoft | windows_server_2012 | * | - | - |
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
|
| microsoft | windows_server_2012 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
|
| microsoft | windows_server_2016 | * | - | - |
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-11853 |
2025-11-11 15:19:17 | 2025-11-11 07:34:33 |
| NVD | nvd_CVE-2017-11853 |
2025-11-11 14:55:33 | 2025-11-11 07:43:12 |
| CNNVD | cnnvd_CNNVD-201711-515 |
2025-11-11 15:09:55 | 2025-11-11 07:53:25 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 信息泄露
- cnnvd_id: 未提取 -> CNNVD-201711-515
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 5.5
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 14
- data_sources: ['cve'] -> ['cve', 'nvd']