Remote Code Execution Vulnerability in Microsoft Windows and Office Products
CVE-2017-8696

7.5HIGH

Key Information:

Vendor
Microsoft
Status
Office 2010
Live Meeting
Lync
Windows 7
Vendor
CVE Published:
13 September 2017

Summary

A vulnerability in the Uniscribe component of Microsoft Windows and Office products allows attackers to execute arbitrary code on a victim's system through specially crafted websites or documents. This can lead to unauthorized access and exploitation of sensitive data, making it imperative for users to apply the necessary security patches and updates.

References

http://www.securitytracker.com/id/1039344
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100780
vdb-entryx_refsource_BID

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.