CVE-2017-8696

Name of the Vulnerable Software and Affected Versions Windows Uniscribe versions in Microsoft Windows Server 2008 SP2 and R2 SP1 Windows Uniscribe versions in Windows 7 SP1 Office versions 2007 SP3 and 2010 SP2 Word Viewer Office for Mac versions 2011 and 2016 Skype for Business version 2016 Lync versions 2013 SP1, 2010 Lync 2010 Attendee Live Meeting 2007 Add-in and Console

Description The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code via a specially crafted website, document, or email attachment. This could enable the attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that contains a fix for this issue. For Windows Uniscribe in Windows 7 SP1, update to a newer version that contains a fix for this issue. For Office versions 2007 SP3 and 2010 SP2, update to a newer version that contains a fix for this issue. For Word Viewer, update to a newer version that contains a fix for this issue. For Office for Mac versions 2011 and 2016, update to a newer version that contains a fix for this issue. For Skype for Business version 2016, update to a newer version that contains a fix for this issue. For Lync versions 2013 SP1, 2010, and Lync 2010 Attendee, update to a newer version that contains a fix for this issue. For Live Meeting 2007 Add-in and Console, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to specially crafted websites, documents, or email attachments until a patch is available.