Vulnerability Details : CVE-2017-0283
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
Vulnerability category: Execute code
Products affected by CVE-2017-0283
- cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:windows:*:*
- cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Threat overview for CVE-2017-0283
- Top open port discovered on systems with this issue: 443
- IPs affected by CVE-2017-0283: 1,307
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-0283
- EPSS score: 43.40% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-0283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
References for CVE-2017-0283
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283
  CVE-2017-0283 | Windows Uniscribe Remote Code Execution Vulnerability (Mitigation; Patch; Vendor Advisory)
- https://www.exploit-db.com/exploits/42234/
  Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1198
  1198 - Windows Uniscribe font processing heap-based memory corruption in USP10!MergeLigRecords - project-zero - Monorail
- http://www.securitytracker.com/id/1038675
  Microsoft Silverlight Uniscribe Object Memory Handling Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/bid/98920
  Microsoft Windows Uniscribe CVE-2017-0283 Remote Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html
  0patch Blog: 0patching the Quick Brown Fox of CVE-2017-0283