Remote Code Execution in Microsoft Windows Uniscribe
CVE-2016-7274

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows Rt 8.1
Windows Server 2012
Windows Server 2016
Windows 7
Vendor
CVE Published:
20 December 2016

What is CVE-2016-7274?

Microsoft Windows contains a vulnerability in its Uniscribe component that could allow remote attackers to execute arbitrary code. This issue arises when a user visits a specially crafted website, triggering the vulnerability. A successful exploit could allow attackers to gain control of the affected system, leading to potential data theft or further network infiltration. This vulnerability affects multiple versions of Windows, highlighting the importance of applying security updates to mitigate risks.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://www.exploit-db.com/exploits/41615/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/94758
vdb-entryx_refsource_BID

EPSS Score

44% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.