Lucene search

MicrosoftCVE-2017-0283

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-0283

2017-06-1501:29:01

microsoft

web.nvd.nist.gov

105

cve-2017-0283

uniscribe

windows server

windows 7

windows 8.1

windows 10

microsoft office

microsoft lync

skype for business

microsoft silverlight

remote code execution

memory handling

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.407

Percentile

97.3%

JSON

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Uniscribe Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8528.

Affected configurations

Nvd

Vulners

Node

microsoftlyncMatch2013sp1

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp2

microsoftoffice_word_viewerMatch-

microsoftsilverlightMatch5.0windows

microsoftskype_for_businessMatch2016

microsoftwindows_10

microsoftwindows_10Match1511

microsoftwindows_10Match1607

microsoftwindows_10Match1703

microsoftwindows_7Match-sp1

microsoftwindows_8.1

microsoftwindows_8.1Matchrt

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

VendorProductVersionCPE
microsoftlync2013cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
microsoftoffice_word_viewer-cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
microsoftsilverlight5.0cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:windows:*:*
microsoftskype_for_business2016cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
microsoftwindows_10*cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
microsoftwindows_101511cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101703cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	lync	2013	cpe:2.3:a:microsoft:lync:2013:sp1::::::
microsoft	office	2007	cpe:2.3:a:microsoft:office:2007:sp3::::::
microsoft	office	2010	cpe:2.3:a:microsoft:office:2010:sp2::::::
microsoft	office_word_viewer	-	cpe:2.3:a:microsoft:office_word_viewer:-:::::::*
microsoft	silverlight	5.0	cpe:2.3:a:microsoft:silverlight:5.0:::::windows::
microsoft	skype_for_business	2016	cpe:2.3:a:microsoft:skype_for_business:2016:::::::*
microsoft	windows_10	*	cpe:2.3:o:microsoft:windows_10::::::::
microsoft	windows_10	1511	cpe:2.3:o:microsoft:windows_10:1511:::::::*
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_10	1703	cpe:2.3:o:microsoft:windows_10:1703:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Uniscribe",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
      }
    ]
  }
]