Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-0116

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Uniscribe
Vendor: CVE Published:; 17 March 2017

Summary

The Uniscribe component in specific versions of Microsoft Windows enables remote attackers to gain access to sensitive information residing in process memory through a specially crafted website. This vulnerability exposes systems running Windows Vista, Windows Server 2008, and Windows 7 to potential data leaks, requiring users to implement stringent security measures to mitigate the risks of unauthorized data retrieval.

Affected Version(s)

Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96665

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1037992

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016

.

CVE-2017-0116 : Information Disclosure Vulnerability in Microsoft Windows Products | SecurityVulnerability.io