CVE-2017-8695

Published Sep 13, 2017

Last updated 7 years ago

CVSS medium 5.3

Overview

Description: Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0BB045C-AAC8-42F2-84A9-062630FA14E9"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F83FB32-9775-418B-99A7-EC1FEA345F26"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE98CEE9-200B-494A-B645-D14ACB577250"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B854E18-7CB0-43F7-9EBF-E356FA176B2F"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D84FC39-29AA-4EF2-ACE7-E72635126F2B"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AF1FCE5-BA29-4968-ADE4-0500B50ADDF8"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABC68ECB-4FB5-4702-A16D-77A36A715BA6"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63"
          },
          {
            "criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB506484-7F0C-46BF-8EA6-4FB5AF454CED"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References