Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
0

CVE-2017-8695

Disclosure Date: September 13, 2017
CVE-2017-8695 CVSS v3 Base Score: 5.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user’s system via a specially crafted document or an untrusted webpage, aka “Graphics Component Information Disclosure Vulnerability.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.3 Medium
Impact Score:
3.6
Exploitability Score:
1.6
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Windows Uniscribe Microsoft Windows Server 2008 SP2 and R2 SP1
Windows Uniscribe Windows 7 SP1
Windows Uniscribe Windows 8.1
Windows Uniscribe Windows Server 2012 Gold and R2
Windows Uniscribe Windows RT 8.1
Windows Uniscribe Windows 10 Gold, 1511, 1607, 1703, and Server 2016
Windows Uniscribe Office 2007 SP3
Windows Uniscribe Office 2010 SP2
Windows Uniscribe Word Viewer
Windows Uniscribe Office for Mac 2011 and 2016
Windows Uniscribe Skype for Business 2016
Windows Uniscribe Lync 2013 SP1
Windows Uniscribe Lync 2010
Windows Uniscribe Lync 2010 Attendee
Windows Uniscribe Live Meeting 2007 Add-in and Console
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • microsoft

Products

  • live meeting 2007,
  • lync 2010,
  • lync 2013,
  • office 2007 -,
  • office 2010,
  • office 2011,
  • office word viewer -,
  • skype for business 2016,
  • windows 10 -,
  • windows 10 1511,
  • windows 10 1607,
  • windows 10 1703,
  • windows 7 -,
  • windows 8.1,
  • windows rt 8.1 -,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis