Information Disclosure Vulnerability in Microsoft Windows Products
CVE-2017-0119

4.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Uniscribe
Vendor: CVE Published:; 17 March 2017

🔔 Create Microsoft Vulnerability Alert

What is CVE-2017-0119?

The Uniscribe component in multiple versions of Microsoft Windows allows remote attackers to exploit a flaw that reveals sensitive information through specially crafted web pages. This vulnerability can enable an attacker to access data stored in process memory, posing significant risks to user privacy and data security.

Affected Version(s)

Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

http://www.securityfocus.com/bid/96666

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1037992

vdb-entryx_refsource_SECTRACK

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2017
Vulnerability Reserved
Sep 9, 2016

.