CVE-2017-8527
Description
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka Windows Graphics Remote Code Execution Vulnerability.
Risk Information
Base Score
8.7
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
28.831
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4022714) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1511 for x86-based Systems (KB4022714) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows Server 2016 for x64-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - Cumulative | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4022715) - Delta | Windows |
| Microsoft Edge Security Feature Bypass Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4022727) - Cumulative | Windows |
| for Windows 10 Version 1703 for x64-based Systems (KB4022725) - Cumulative | Windows |
| for Windows 10 Version 1703 for x64-based Systems (KB4022725) - Delta | Windows |
| for Windows 10 Version 1703 for x86-based Systems (KB4022725) - Cumulative | Windows |
| for Windows 10 Version 1703 for x86-based Systems (KB4022725) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4022722) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022717) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x64-based Systems (KB4022717) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows 8.1 for x86-based Systems (KB4022717) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4022726) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4022726) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4022726) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2012 for x64-based Systems (KB4022718) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 for x64-based Systems (KB4022724) - Petya ransomware attack (CVE-2017-0199) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2007 suites (KB3191837) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3191844) 64-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3191844) 32-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Skype for Business 2016 (KB3203382) 64-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Skype for Business 2016 (KB3203382) 32-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Skype for Business 2015 (KB3191939) 64-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Skype for Business 2015 (KB3191939) 32-Bit Edition | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2008 for x64-based Systems (KB4022884) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Windows Server 2008 (KB4022884) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight (KB4023307) | Windows |
| Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight (KB4023307) x64 bases systems | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-22673 | Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4022714) |
| PATCH-22672 | Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4022714) |
| PATCH-22676 | Cumulative Update for Windows Server 2016 for x64-based Systems (KB4022715) |
| PATCH-22675 | Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715) |
| PATCH-22704 | 2017-06 Delta Update for Windows Server 2016 for x64-based Systems (KB4022715) |
| PATCH-22680 | 2017-06 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4022715) |
| PATCH-22674 | Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4022715) |
| PATCH-22679 | 2017-06 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4022715) |
| PATCH-22671 | Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4022727) |
| PATCH-22580 | 2017-06 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22579 | 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22578 | 2017-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4022719) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22583 | 2017-06 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4022722) |
| PATCH-22582 | 2017-06 Security Only Quality Update for Windows 7 for x64-based Systems (KB4022722) |
| PATCH-22581 | 2017-06 Security Only Quality Update for Windows 7 for x86-based Systems (KB4022722) |
| PATCH-22589 | 2017-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4022717) |
| PATCH-22588 | 2017-06 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4022717) |
| PATCH-22587 | 2017-06 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4022717) |
| PATCH-22586 | 2017-06 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4022726) |
| PATCH-22585 | 2017-06 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4022726) |
| PATCH-22584 | 2017-06 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4022726) |
| PATCH-22591 | 2017-06 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4022718) |
| PATCH-22590 | 2017-06 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4022724) - Petya ransomware attack (CVE-2017-0199) |
| PATCH-22606 | Security Update for Microsoft Office 2007 suites (KB3191837) |
| PATCH-22620 | Security Update for Microsoft Office 2010 (KB3191844) 64-Bit Edition |
| PATCH-22619 | Security Update for Microsoft Office 2010 (KB3191844) 32-Bit Edition |
| PATCH-22644 | Security Update for Skype for Business 2016 (KB3203382) 64-Bit Edition |
| PATCH-22643 | Security Update for Skype for Business 2016 (KB3203382) 32-Bit Edition |
| PATCH-22646 | Security Update for Skype for Business 2015 (KB3191939) 64-Bit Edition |
| PATCH-22645 | Security Update for Skype for Business 2015 (KB3191939) 32-Bit Edition |
| PATCH-22557 | Security Update for Windows Server 2008 for x64-based Systems (KB4022884) |
| PATCH-22556 | Security Update for Windows Server 2008 (KB4022884) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234