Remote Code Execution Vulnerability in Windows Operating Systems by Microsoft
CVE-2017-8691

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows Kernel-mode Drivers
Vendor
CVE Published:
8 August 2017

Summary

A vulnerability exists in the Windows font library that could allow an attacker to execute arbitrary code on a target system. This occurs when the font library improperly processes specially crafted embedded fonts. If successfully exploited, this vulnerability could allow an attacker to gain control over the affected system, making it imperative for users to apply the necessary security patches to mitigate the risk.

Affected Version(s)

Windows Kernel-Mode Drivers Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100090
vdb-entryx_refsource_BID
https://fortiguard.com/zeroday/FG-VD-17-142
x_refsource_MISC

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.