Information Disclosure in Microsoft Windows Uniscribe
CVE-2017-0120

4.3MEDIUM

Key Information:

Vendor

Microsoft
Status
Uniscribe In Microsoft Windows Vista Sp2, Windows Server 2008 Sp2, And R2 Sp1, And Windows 7 Sp1.
Vendor
CVE Published:
17 March 2017

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2017-0120?

The Uniscribe component in specific versions of Microsoft Windows is vulnerable to a remote information disclosure flaw. This vulnerability allows attackers to exploit a crafted web page, potentially enabling unauthorized access to sensitive information stored in process memory. A successful attack could lead to significant privacy breaches, emphasizing the need for organizations to patch affected systems and maintain robust security practices.

Affected Version(s)

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2, and R2 SP1, and Windows 7 SP1. Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2, and R2 SP1, and Windows 7 SP1.

References

http://www.securityfocus.com/bid/96667
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037992
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.