CVE-2017-0108

EUVD-2017-0475

17.03.2017, 00:59

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
microsoft	silverlight	5.0
microsoft	word_viewer	-
microsoft	windows_7	-
microsoft	windows_server_2008	-
microsoft	windows_vista	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 7

Service Pack 1 (x64, x86)

KB4012215

Windows Server 2008

Service Pack 2 (x64, x86)	KB4012583
Service Pack 2 Server Core (x64, x86)	KB4012583

Windows Server 2008 R2

Service Pack 1 (x64)	KB4012215
Service Pack 1 Server Core (x64)	KB4012215

Windows Vista

Service Pack 2	KB4012583
x64 Edition	KB4012583

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/96722

http://www.securitytracker.com/id/1038002

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108

https://www.exploit-db.com/exploits/41647/

http://www.securityfocus.com/bid/96722

http://www.securitytracker.com/id/1038002

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108

https://www.exploit-db.com/exploits/41647/