CVE-2017-11768
low-risk
Published 2017-11-15
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
Do I need to act?
~
1.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.5/10
Low
LOCAL
/ HIGH complexity
Affected Products (1)
Windows Media Player
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/101705
Third Party Advisory
http://www.securitytracker.com/id/1039794
Third Party Advisory
http://www.securityfocus.com/bid/101705
Third Party Advisory
http://www.securitytracker.com/id/1039794
15
/ 100
low-risk
Severity
6/34 · Minimal
Exploitability
4/34 · Minimal
Exposure
5/34 · Minimal