CVE-2022-37985

Name of the Vulnerable Software and Affected Versions Windows Graphics Component (affected versions not specified)

Description The issue is related to an information disclosure vulnerability in the Windows Graphics component, which can allow an attacker to gain unauthorized access to protected information. This vulnerability involves the exposure of data in an erroneous data area. Technical details about exploitation include the use of a native network channel to exfiltrate leaked memory data. Specifically, setting the Filename field to start with a UNC path, such as ??UNC<IP address>@<port>, can direct data to a WebDAV server, potentially allowing data exfiltration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.