Remote Code Execution Vulnerability in Windows IME for Various Microsoft Products
CVE-2017-8591

7.8 HIGH

Key Information:

Vendor: Microsoft
CVE Published: 8 August 2017

Summary

The vulnerability in the Windows Input Method Editor (IME) occurs due to improper handling of memory objects, which may allow an attacker to execute arbitrary code on the target system. This issue affects multiple versions of Windows, including client and server editions, potentially compromising the integrity and confidentiality of data processed through these systems.

Affected Version(s)

Windows Shell: Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
