Description
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/42234
References (6)
Core 6
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42234/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038675
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283
Issue Tracking x_refsource_misc
https://bugs.chromium.org/p/project-zero/issues/detail?id=1198
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98920
Various Sources x_refsource_misc
https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html
Scores
CVSS v3
8.8
EPSS
0.5600
EPSS Percentile
98.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (19)
microsoft/lync
2013 sp1
microsoft/office
2007 sp3
microsoft/office
2010 sp2
microsoft/office_word_viewer
microsoft/silverlight
5.0
microsoft/skype_for_business
2016
microsoft/windows_10
microsoft/windows_10
1511
microsoft/windows_10
1607
microsoft/windows_10
1703
... and 9 more
Published
Jun 15, 2017
Tracked Since
Feb 18, 2026