Information Disclosure Vulnerability in Microsoft Windows Uniscribe
CVE-2017-0125
4.3MEDIUM
Summary
The Uniscribe component in Microsoft Windows, including versions Vista SP2, Server 2008 SP2, Server 2008 R2 SP1, and Windows 7 SP1, is susceptible to an information disclosure vulnerability. This weakness enables remote attackers to potentially access sensitive data from the process memory by exploiting the system through a maliciously crafted website. As a result, this could lead to unauthorized disclosure of user information, prompting a need for immediate security measures and patches.
Affected Version(s)
Windows Uniscribe Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1
References
EPSS Score
10% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved