|CVSS SCORE||4.9, (AV:L/AC:L/Au:N/C:C/I:N/A:N)|
The specific flaw exists within the handling of the NtGdiQueryFonts function. The issue lies in the failure to sanitize a buffer before returning its contents resulting in the leak of a kernel address. An attacker can leverage this vulnerability to leak sensitive information in the context of SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||WanderingGlitch - Trend Micro Zero Day Initiative