CVE-2017-8691

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Kernel-mode Drivers
Vendor: CVE Published:; 8 August 2017

Summary

Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."

Affected Version(s)

Windows Kernel-Mode Drivers Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100090

vdb-entryx_refsource_BID

https://fortiguard.com/zeroday/FG-VD-17-142

x_refsource_MISC

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database

.