[Forgot Password]
Login  Register Subscribe

25354

 
 

132804

 
 

134729

 
 

909

 
 

109403

 
 

153

Paid content will be excluded from the download.


Download | Alert*
OVAL

Windows Uniscribe Remote Code Execution Vulnerability - CVE-2017-0283

ID: oval:org.secpod.oval:def:40959Date: (C)2017-06-15   (M)2019-11-30
Class: VULNERABILITYFamily: windows




A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.There are multiple ways an attacker could exploit this vulnerability:* In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.* In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.Note that for the Office products listed in the Affected Products table, where the severity is indicated as Critical, the Preview Pane is an attack vector for this vulnerability.

Platform:
Microsoft Windows Server 2019
Microsoft Windows 10
Microsoft Windows XP
Microsoft Windows Server 2012
Microsoft Windows Server 2003
Microsoft Windows 8.1
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Product:
Microsoft Live Meeting 2007 Add-in
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Office 2007
Microsoft Office 2010
Microsoft Word Viewer
Microsoft Skype For Business 2016
Microsoft Silverlight 5
Reference:
CVE-2017-0283
CVE    1
CVE-2017-0283
CPE    50
cpe:/o:microsoft:windows_server_2008:-:sp2
cpe:/a:microsoft:lync_attendee:2010:user_level
cpe:/a:microsoft:lync_attendee:2010:admin_level
cpe:/a:microsoft:lync:2010
...

© SecPod Technologies