Medium severity5.5NVD Advisory· Published May 12, 2017· Updated May 13, 2026

CVE-2017-0242

Description

An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."

Affected products

Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Microsoft/Windows Server 20083 versions
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
Microsoft Corporation/Microsoft Windowsv5
Range: Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 for Itanium-Based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242nvdPatchVendor Advisory
www.securityfocus.com/bid/98275nvdThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000