Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mscveMicrosoftMS:CVE-2017-8695
HistorySep 12, 2017 - 7:00 a.m.

Windows Uniscribe Information Disclosure Vulnerability

2017-09-1207:00:00
Microsoft
msrc.microsoft.com
8

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.3%

JSON

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.

The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.

Related

cve 1
symantec 1
prion 1
openvas 15
mskb 21
nessus 11
kaspersky 3
talosblog 1
trendmicroblog 1
cve
cve
CVE-2017-8695
2017-09-13 01:29:00
symantec
symantec
Microsoft Windows Graphics Component CVE-2017-8695 Information Disclosure Vulnerability
2017-09-12 00:00:00
prion
prion
Information disclosure
2017-09-13 01:29:00
openvas
openvas
Microsoft Live Meeting 2007 Add-in Multiple Vulnerabilities (KB4025869)
2017-09-14 00:00:00
Microsoft Office Multiple Vulnerabilities (KB3213641)
2017-09-13 00:00:00
Microsoft Live Meeting 2007 Console Multiple Vulnerabilities (KB4025868)
2017-09-13 00:00:00
mskb
mskb
Description of the security update for Office 2010: September 12, 2017
2017-09-12 07:00:00
Description of the security update for Lync 2010: September 12, 2017
2017-09-12 07:00:00
Description of the security update for Lync 2010 Attendee (admin level install): September 12, 2017
2017-09-12 07:00:00
nessus
nessus
Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)
2017-09-12 00:00:00
Security Updates for Microsoft Office Viewers (September 2017)
2017-09-12 00:00:00
Security Updates for Microsoft Office Products (September 2017)
2017-09-12 00:00:00
kaspersky
kaspersky
KLA11100 Multiple vulnerabilities in Microsoft Office
2017-09-12 00:00:00
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
2017-09-12 00:00:00
KLA11099 Multiple vulnerabilities in Microsoft Windows
2017-09-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
2017-09-15 14:59:53

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for MS:CVE-2017-8695
cve1symantec1prion1openvas15mskb21nessus11kaspersky3talosblog1trendmicroblog1