CVE-2017-8695 — MEDIUM (5.3)

Vulnerability Description

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Microsoft	Live Meeting	2007
Microsoft	Lync	2010
Microsoft	Office	2011
Microsoft	Office 2007	-
Microsoft	Office 2010	All versions
Microsoft	Office Word Viewer	-
Microsoft	Skype For Business	2016
Microsoft	Windows 10	-
Microsoft	Windows 7	-
Microsoft	Windows 8.1	All versions
Microsoft	Windows Rt 8.1	-
Microsoft	Windows Server 2008	-
Microsoft	Windows Server 2012	-
Microsoft	Windows Server 2016	All versions

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/100773Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039344Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695PatchVendor Advisory
http://www.securityfocus.com/bid/100773Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039344Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695PatchVendor Advisory

FAQ

What is CVE-2017-8695?

CVE-2017-8695 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Offi...

How severe is CVE-2017-8695?

CVE-2017-8695 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8695?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Live Meeting, Microsoft Lync, Microsoft Office, Microsoft Office 2007, Microsoft Office 2010.