CVE-2017-8695

Summary

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationWindows UniscribeMicrosoft Windows Server 2008 SP2 and R2 SP1affected
Microsoft CorporationWindows UniscribeWindows 7 SP1affected
Microsoft CorporationWindows UniscribeWindows 8.1affected
Microsoft CorporationWindows UniscribeWindows Server 2012 Gold and R2affected
Microsoft CorporationWindows UniscribeWindows RT 8.1affected
Microsoft CorporationWindows UniscribeWindows 10 Gold, 1511, 1607, 1703, and Server 2016affected
Microsoft CorporationWindows UniscribeOffice 2007 SP3affected
Microsoft CorporationWindows UniscribeOffice 2010 SP2affected
Microsoft CorporationWindows UniscribeWord Vieweraffected
Microsoft CorporationWindows UniscribeOffice for Mac 2011 and 2016affected
Microsoft CorporationWindows UniscribeSkype for Business 2016affected
Microsoft CorporationWindows UniscribeLync 2013 SP1affected
Microsoft CorporationWindows UniscribeLync 2010affected
Microsoft CorporationWindows UniscribeLync 2010 Attendeeaffected
Microsoft CorporationWindows UniscribeLive Meeting 2007 Add-in and Consoleaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References