CVE-2017-11763

Published: 13/10/2017 Updated: 03/10/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows rt 8.1
microsoft windows server 2012 r2
microsoft windows server 2016
microsoft windows 7
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 8.1
microsoft windows server 2008 r2
microsoft windows server 2008
microsoft windows 10 1703
microsoft windows server 2012 -
microsoft windows 10 -

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

The Register • Shaun Nichols in San Francisco • 10 Oct 2017

But at least there's no Flash update (not this week, anyway)

Microsoft today released patches for more than 60 CVE-listed vulnerabilities in its software. Meanwhile, Adobe is skipping October's Patch Tuesday altogether. Among the latest holes that need papering over via Windows Update are three vulnerabilities already publicly disclosed – with one being exploited right now by hackers to infect vulnerable machines. That flaw, CVE-2017-11826, is leveraged when a booby-trapped Microsoft Office document is opened, allowing malicious code within it to run wi...

CVE-2017-11763

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect