CVE-2017-0089

HIGH

Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-0089. PoCs published by Google Security Research, rainhawk13.

AI-analyzed exploit summary: This exploit demonstrates a crash in the Windows Uniscribe library (USP10!UpdateGlyphFlags) due to a corrupted font file, leading to an access violation. The PoC includes crashing samples and requires PageHeap or specific conditions to reproduce reliably.

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · windows
https://www.exploit-db.com/exploits/41652

This exploit demonstrates a crash in the Windows Uniscribe library (USP10!UpdateGlyphFlags) due to a corrupted font file, leading to an access violation. The PoC includes crashing samples and requires PageHeap or specific conditions to reproduce reliably.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable (with PageHeap or specific conditions)
Target: Microsoft Windows Uniscribe (USP10.dll) on Windows 7
No auth needed
Prerequisites: Corrupted font file · PageHeap enabled (for easier reproduction) · Custom program to display font glyphs
devstral-2 · analyzed Feb 16, 2026

nomisec SUSPICIOUS
by rainhawk13 · poc
https://github.com/rainhawk13/Added-Pentest-Ground-to-vulnerable-websites-for-training

The repository contains only a README with a CVE description and external references but no actual exploit code or technical details. It appears to be a placeholder or lure without functional content.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96606
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41652/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037992

Scores

CVSS v3 8.8
EPSS 0.5734
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (5)
microsoft/windows_7
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_vista
Microsoft Corporation/Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1
Published Mar 17, 2017
Tracked Since Feb 18, 2026