Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2017-0108

Published: 17/03/2017 Updated: 16/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote malicious users to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft silverlight 5.0

microsoft lync 2010

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft lync 2013

microsoft live meeting 2007

microsoft windows vista -

microsoft office 2007

microsoft office 2010

microsoft skype for business 2016

microsoft windows server 2008 -

microsoft word viewer -

Exploits

Exploit DB: Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
Source: bugschromiumorg/p/project-zero/issues/detail?id=1022 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove() function called by USP10!otlList::insertAt, while trying to display text using a corrupted font file: --- (4b4424a8): Access violation - code c0000005 (first chance) First chance exceptio ...

References

CWE-119https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108http://www.securityfocus.com/bid/96722http://www.securitytracker.com/id/1038002https://www.exploit-db.com/exploits/41647/https://nvd.nist.govhttps://www.exploit-db.com/exploits/41647/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook