Information Disclosure in Microsoft Windows Products
CVE-2017-0092

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Uniscribe
Vendor: CVE Published:; 17 March 2017

Summary

The Uniscribe component in specific Microsoft Windows operating systems allows remote attackers to exploit a vulnerability via a specially crafted website. This could lead to the exposure of sensitive information stored in process memory, potentially compromising user data and system integrity.

Affected Version(s)

Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

http://www.securitytracker.com/id/1037992

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/96676

vdb-entryx_refsource_BID

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016

.

CVE-2017-0092 : Information Disclosure in Microsoft Windows Products | SecurityVulnerability.io