Vulnerability Details : CVE-2017-0083
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
Vulnerability category: OverflowExecute code
Products affected by CVE-2017-0083
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0083
21.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0083
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-0083
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-0083
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083
CVE-2017-0083 | Windows Uniscribe Remote Code Execution VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1037992
Microsoft Windows Uniscribe Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker
-
http://www.securityfocus.com/bid/96608
Microsoft Windows Uniscribe CVE-2017-0083 Remote Code Execution Vulnerability
-
https://www.exploit-db.com/exploits/41655/
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
Jump to