CVE-2017-8682

Name of the Vulnerable Software and Affected Versions Windows Server 2008 SP2 and R2 SP1 Windows 7 SP1 Windows 8.1 Windows Server 2012 Gold and R2 Windows RT 8.1 Windows 10 versions 1507 through 1703 Windows Server 2016 Microsoft Office Word Viewer Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2

Description The issue is related to the handling of embedded fonts, allowing an attacker to execute remote code. This can be achieved through specially crafted embedded fonts, potentially via a specially created website or document. An attacker who successfully exploits this issue could take control of the affected system, then install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Windows Server 2008 SP2 and R2 SP1, update the Windows font library to properly handle embedded fonts. For Windows 7 SP1, apply the security update to fix the improper handling of specially crafted embedded fonts. For Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 versions 1507 through 1703, ensure the Windows font library is updated to handle embedded fonts correctly. For Windows Server 2016, apply the relevant security patch to address the remote code execution vulnerability. For Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2, update the software to a version that properly handles embedded fonts.