CVE-2017-0072

HIGH

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0072. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates a buffer overflow in Windows Uniscribe (USP10!FillAlternatesList) due to improper handling of the cMaxAlternates parameter in ScriptGetFontAlternateGlyphs, leading to memory corruption. A malformed font file triggers the vulnerability, causing an access violation when writing beyond the allocated buffer.

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/41654

View Code ZIP pw:eip

The exploit demonstrates a buffer overflow in Windows Uniscribe (USP10!FillAlternatesList) due to improper handling of the cMaxAlternates parameter in ScriptGetFontAlternateGlyphs, leading to memory corruption. A malformed font file triggers the vulnerability, causing an access violation when writing beyond the allocated buffer.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Uniscribe (USP10.dll) on Windows 7

No auth needed

Prerequisites: Custom program to call ScriptGetFontAlternateGlyphs · Malformed font file

MITRE ATT&CK

T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41654/

Mitigation, Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96599

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037992

Scores

CVSS v3 8.8

EPSS 0.4255

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (5)

microsoft/windows_7

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_vista

Microsoft Corporation/Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

Published Mar 17, 2017

Tracked Since Feb 18, 2026