Home

CVE-2017-8696

Description

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka Microsoft Graphics Component Remote Code Execution.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
21.457

Associated Vulnerability

VulnerabilityOS Platform
Internet Explorer Spoofing Vulnerability for Windows 7 for x64-based Systems (KB4038777)Windows
Internet Explorer Spoofing Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4038777)Windows
Internet Explorer Spoofing Vulnerability for Windows 7 for x86-based Systems (KB4038777)Windows
Windows Print Spooler Remote Code Execution Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4038779)Windows
Windows Print Spooler Remote Code Execution Vulnerability for Windows 7 for x64-based Systems (KB4038779)Windows
Windows Print Spooler Remote Code Execution Vulnerability for Windows 7 for x86-based Systems (KB4038779)Windows
Windows Uniscribe Information Disclosure Vulnerability for the windows uniscribe vulnerabilities in Windows Server 2008 (KB4039384)Windows
Windows Uniscribe Information Disclosure Vulnerability for the windows uniscribe vulnerabilities in Windows Server 2008 for x64-based Systems (KB4039384)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Word Viewer (KB4011125)Windows
Windows Uniscribe Information Disclosure Vulnerability for Skype for Business 2016 (KB4011040) 64-Bit EditionWindows
Windows Uniscribe Information Disclosure Vulnerability for Skype for Business 2016 (KB4011040) 32-Bit EditionWindows
Windows Uniscribe Information Disclosure Vulnerability for Skype for Business 2015 (KB4011107) 64-Bit EditionWindows
Windows Uniscribe Information Disclosure Vulnerability for Skype for Business 2015 (KB4011107) 32-Bit EditionWindows
Windows Uniscribe Information Disclosure Vulnerability for Microsoft Lync 2010 Attendee (Admin level install) (KB4025866)Windows
Windows Uniscribe Information Disclosure Vulnerability for Microsoft Lync 2010 (64 -bit) (KB4025865)Windows
Windows Uniscribe Information Disclosure Vulnerability for Microsoft Lync 2010 (32 -bit) (KB4025865)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Web Applications (KB3213632)Windows
Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3213631) 64-Bit EditionWindows
Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2010 (KB3213631) 32-Bit EditionWindows
Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Office 2007 suites (KB3213649)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-229892017-09 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4038777)
PATCH-229902017-09 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4038777)
PATCH-229882017-09 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4038777)
PATCH-229972017-09 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4038779)
PATCH-229962017-09 Security Only Quality Update for Windows 7 for x64-based Systems (KB4038779)
PATCH-229952017-09 Security Only Quality Update for Windows 7 for x86-based Systems (KB4038779)
PATCH-23111Security Update for Windows Server 2008 (KB4039384)
PATCH-23112Security Update for Windows Server 2008 for x64-based Systems (KB4039384)
PATCH-23107Security Update for Word Viewer (KB4011125)
PATCH-23143Security Update for Skype for Business 2016 (KB4011040) 64-Bit Edition
PATCH-23142Security Update for Skype for Business 2016 (KB4011040) 32-Bit Edition
PATCH-23150Security Update for Skype for Business 2015 (KB4011107) 64-Bit Edition
PATCH-23149Security Update for Skype for Business 2015 (KB4011107) 32-Bit Edition
PATCH-23177Security Update for Microsoft Lync 2010 Attendee (Admin level install) (KB4025866)
PATCH-23159Security Update for Microsoft Lync 2010 (64 -bit) (KB4025865)
PATCH-23156Security Update for Microsoft Lync 2010 (32 -bit) (KB4025865)
PATCH-23103Security Update for Microsoft Web Applications (KB3213632)
PATCH-23106Security Update for Microsoft Office 2010 (KB3213631) 64-Bit Edition
PATCH-23105Security Update for Microsoft Office 2010 (KB3213631) 32-Bit Edition
PATCH-23104Security Update for Microsoft Office 2007 suites (KB3213649)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234