CVE-2017-8695

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."

El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703 y Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office para Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; y Live Meeting 2007 Add-in y Console permite que un atacante obtenga información para comprometer posteriormente el sistema de un usuario mediante un documento especialmente manipulado o una página web no fiable. Esto también se conoce como "Graphics Component Information Disclosure Vulnerability".

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-05-03 CVE Reserved
2017-09-13 CVE Published
2023-06-28 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/100773	Third Party Advisory
http://www.securitytracker.com/id/1039344	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695	2017-09-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Live Meeting Search vendor "Microsoft" for product "Live Meeting"				2007 Search vendor "Microsoft" for product "Live Meeting" and version "2007"		-		Affected
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2010 Search vendor "Microsoft" for product "Lync" and version "2010"		-		Affected
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2010 Search vendor "Microsoft" for product "Lync" and version "2010"		attendee		Affected
Microsoft Search vendor "Microsoft"		Lync Search vendor "Microsoft" for product "Lync"				2013 Search vendor "Microsoft" for product "Lync" and version "2013"		sp1		Affected
Microsoft Search vendor "Microsoft"		Office Search vendor "Microsoft" for product "Office"				2011 Search vendor "Microsoft" for product "Office" and version "2011"		mac		Affected
Microsoft Search vendor "Microsoft"		Office 2007 Search vendor "Microsoft" for product "Office 2007"				-		sp3		Affected
Microsoft Search vendor "Microsoft"		Office 2010 Search vendor "Microsoft" for product "Office 2010"				*		sp2		Affected
Microsoft Search vendor "Microsoft"		Office Word Viewer Search vendor "Microsoft" for product "Office Word Viewer"				-		-		Affected
Microsoft Search vendor "Microsoft"		Skype For Business Search vendor "Microsoft" for product "Skype For Business"				2016 Search vendor "Microsoft" for product "Skype For Business" and version "2016"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1511 Search vendor "Microsoft" for product "Windows 10" and version "1511"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1607 Search vendor "Microsoft" for product "Windows 10" and version "1607"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 10 Search vendor "Microsoft" for product "Windows 10"				1703 Search vendor "Microsoft" for product "Windows 10" and version "1703"		-		Affected
Microsoft Search vendor "Microsoft"		Windows 7 Search vendor "Microsoft" for product "Windows 7"				-		sp1		Affected
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				*		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"		sp1		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				-		gold		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016"				*		-		Affected