Remote Code Execution Vulnerability in Microsoft Windows Products
CVE-2017-0089

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Uniscribe
Vendor
CVE Published:
17 March 2017

Badges

👾 Exploit Exists🟣 EPSS 65%

Summary

The Uniscribe component in multiple versions of Microsoft Windows is susceptible to a remote code execution vulnerability, which potentially allows attackers to execute arbitrary code on a user's system through a specially crafted website. Successful exploitation could lead to the installation of software, the creation of new user accounts with full user rights, or modification of existing data. This vulnerability is particularly concerning as it can be exploited via web interactions, emphasizing the need for robust security measures and timely updates to protect affected devices.

Affected Version(s)

Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

http://www.securityfocus.com/bid/96606
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/41652/
exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1037992
vdb-entryx_refsource_SECTRACK

EPSS Score

65% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-0089 : Remote Code Execution Vulnerability in Microsoft Windows Products | SecurityVulnerability.io