CVE-2017-0090

HIGH

Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1 - Remote Code Execution via Uniscribe

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0090. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a memory corruption vulnerability in the Windows Uniscribe library (USP10) when processing corrupted font files. The crash occurs in functions related to BuildFSM, leading to access violations, and can be triggered by displaying text with a malformed font.

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/41653

View Code ZIP pw:eip

This exploit demonstrates a memory corruption vulnerability in the Windows Uniscribe library (USP10) when processing corrupted font files. The crash occurs in functions related to BuildFSM, leading to access violations, and can be triggered by displaying text with a malformed font.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Uniscribe (USP10) on Windows 7

No auth needed

Prerequisites: Corrupted font file · Application that renders text using the vulnerable font

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41653/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96607

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037992

Scores

CVSS v3 8.8

EPSS 0.4255

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (5)

microsoft/windows_7

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_vista

Microsoft Corporation/Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

Published Mar 17, 2017

Tracked Since Feb 18, 2026