Remote Code Execution Vulnerability in Microsoft Windows Uniscribe
CVE-2017-0072
8.8HIGH
Summary
The Uniscribe component of Microsoft Windows allows remote attackers to execute arbitrary code by crafting malicious websites. This vulnerability affects various Windows versions, including Vista, Server 2008, and Windows 7 SP1, presenting a significant risk if users are exposed to these entities. Users are urged to apply necessary security patches to mitigate the risk of exploitation.
Affected Version(s)
Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1
References
EPSS Score
19% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved