CVE-2017-8696

EUVD-2017-17643

13.09.2017, 01:29

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
microsoft	office_2007	-
microsoft	office_2010	*
microsoft	office_word_viewer	-
microsoft	windows_7	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 7

Service Pack 1 (x64, x86)

Windows Server 2008

Service Pack 2 (x64, x86)	KB4039384
Service Pack 2 Server Core (x64, x86)	KB4039384

Windows Server 2008 R2

Service Pack 1 (x64)	KB4038779
Service Pack 1 Server Core (x64)	KB4038779

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/100780

http://www.securitytracker.com/id/1039344

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696

http://www.securityfocus.com/bid/100780

http://www.securitytracker.com/id/1039344

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696