CVE Vulnerabilities

CVE-2017-0283

Published: Jun 15, 2017 | Modified: Oct 03, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka Windows Uniscribe Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2017-8528.

Affected Software

Name Vendor Start Version End Version
Lync Microsoft 2013-sp1 (including) 2013-sp1 (including)
Office Microsoft 2007-sp3 (including) 2007-sp3 (including)
Office Microsoft 2010-sp2 (including) 2010-sp2 (including)
Office_word_viewer Microsoft - (including) - (including)
Silverlight Microsoft 5.0 (including) 5.0 (including)
Skype_for_business Microsoft 2016 (including) 2016 (including)
Windows_10 Microsoft * *
Windows_10 Microsoft 1511 (including) 1511 (including)
Windows_10 Microsoft 1607 (including) 1607 (including)
Windows_10 Microsoft 1703 (including) 1703 (including)
Windows_7 Microsoft –sp1 (including) –sp1 (including)
Windows_8.1 Microsoft * *
Windows_8.1 Microsoft rt (including) rt (including)
Windows_server_2008 Microsoft –sp2 (including) –sp2 (including)
Windows_server_2008 Microsoft r2-sp1 (including) r2-sp1 (including)
Windows_server_2012 Microsoft - (including) - (including)
Windows_server_2012 Microsoft r2 (including) r2 (including)
Windows_server_2016 Microsoft - (including) - (including)

References