CVE-2018-8472: Infoleak
First published: Wed Oct 10 2018(Updated: )
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Windows 10 | =1803 | |
| Windows 10 | =1809 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1709 | |
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-8472?
CVE-2018-8472 is rated as important in severity due to its potential for information disclosure.
How do I fix CVE-2018-8472?
To mitigate CVE-2018-8472, users should apply the latest security updates provided by Microsoft.
Which versions of Windows are affected by CVE-2018-8472?
CVE-2018-8472 affects multiple versions of Windows including Windows 7, 8.1, 10, and various versions of Windows Server.
What type of vulnerability is CVE-2018-8472?
CVE-2018-8472 is classified as an information disclosure vulnerability.
Can CVE-2018-8472 be exploited remotely?
CVE-2018-8472 could allow an attacker to disclose information but requires local access to exploit.
- agent/type
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/windows 10
- version/windows 10/1607
- version/windows 10/1703
- version/windows 10/1709
- version/windows 10/1803
- version/windows 10/1809
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1709
- version/microsoft windows server 2016/1803
- canonical/microsoft windows server 2019