CVE-2017-8692

HIGH

Microsoft Windows 10 - Memory Corruption

Title source: rule

Description

The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability".

Exploits (1)

gitlab WRITEUP

by yongchuank · poc

https://gitlab.com/yongchuank/cve-2017-8692-msexcel-protected-view-071200-oob

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100762

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039344

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8692

Scores

CVSS v3 7.5

EPSS 0.3148

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (9)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

Microsoft Corporation/Windows Uniscribe Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607

Published Sep 13, 2017

Tracked Since Feb 18, 2026