The vulnerability of the Microsoft Windows Text Services Framework software interface in the Windows operating system allows a hacker to execute arbitrary code.

🗓️ 14 Nov 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Windows Text Services Framework flaw enables arbitrary code execution via a crafted web page due to access control flaws.

Reporter	Title	Published	Views	Family All 38
CNVD	Microsoft Windows Shell Memory Corruption Vulnerability	11 Oct 201700:00	–	cnvd
Check Point Advisories	Microsoft Windows Shell Memory Corruption (CVE-2017-8727)	10 Oct 201700:00	–	checkpoint_advisories
CVE	CVE-2017-8727	13 Oct 201713:00	–	cve
Cvelist	CVE-2017-8727	13 Oct 201713:00	–	cvelist
Microsoft KB	October 10, 2017—KB4041676 (OS Build 15063.674)	16 Oct 201707:00	–	mskb
Microsoft KB	October 10, 2017—KB4041678 (Security-only update)	16 Oct 201707:00	–	mskb
Microsoft KB	October 10, 2017—KB4041679 (Security-only update)	16 Oct 201707:00	–	mskb
Microsoft KB	October 10, 2017—KB4041681 (Monthly Rollup)	16 Oct 201707:00	–	mskb
Microsoft KB	October 10, 2017—KB4041687 (Security-only update)	16 Oct 201707:00	–	mskb
Microsoft KB	October 10, 2017—KB4041689 (OS Build 10586.1176)	16 Oct 201707:00	–	mskb

Source	Link
securityfocus	www.securityfocus.com/bid/101142
securitytracker	www.securitytracker.com/id/1039537
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8727
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 37.5

CVSS 27.6

EPSS0.20533

windows text services framework arbitrary code execution crafted web page access control flaws