Windows GDI Information Disclosure Vulnerability (CVE-2017-11852) Executive Summary Release Date: Nov 14, 2017 Assigning CNA: Microsoft CVE Org Link: CVE-2017-11852 Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. Exploitation: To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Exploitability Publicly disclosed: No Exploited: No Exploitability assessment: Exploitation More Likely Acknowledgements Seonunghardt (@seonunghardt @Seonunghardt) and Team Pwn4Fun from Best of the Best (BOB)