Kaspersky LabKLA11052KLA11052 Multiple vulnerabilities in Windows Uniscribe
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.143 Low
EPSS
Percentile
95.8%
Multiple serious vulnerabilities have been found in Microsoft Windows Uniscribe. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.
Below is a complete list of vulnerabilities:
- An improper handling of objects in memory can be exploited remotely by hosting a specially designed website or providing a specially designed document file and convincing a user to open it to execute arbitrary code;
- An incorrect handling of objects in memory can be exploited remotely by convincing a user to open a specially designed document or to visit a malicious webpage to obtain sensitive information.
Original advisories
Related products
CVE list
CVE-2017-8528 critical
CVE-2017-8534 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Affected Products
- Microsoft Windows Server 2016Microsoft Office 2007 Service Pack 3Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Windows 7 Service Pack 1Microsoft Windows 8.1Microsoft Windows RT 8.1Microsoft Windows 10 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2012Microsoft Windows Server 2012 R2
References
support.microsoft.com/kb/3191828
support.microsoft.com/kb/3191848
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8534
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8534
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.143 Low
EPSS
Percentile
95.8%