PT-2017-2914 · Microsoft · Windows Server 2016+5

Jaanus Kp

Published

2017-09-12

Updated

2017-09-21

CVE-2017-8692

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8.1, 10 (Gold, 1511, 1607, 1703), Windows Server 2012 (Gold and R2), Windows Server 2016, Windows RT 8.1

Description The issue arises from the Windows Uniscribe component's failure to properly handle objects in memory, leading to a remote code execution vulnerability. This can be exploited by remote attackers to execute arbitrary code on the system. The vulnerability is caused by an out-of-bounds operation in memory, resulting from incorrect handling of objects.

Recommendations For Microsoft Windows versions 8.1, 10 (Gold, 1511, 1607, 1703), Windows Server 2012 (Gold and R2), Windows Server 2016, and Windows RT 8.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2017-02239

CVE-2017-8692

ZDI-17-734

Affected Products

Windows

Windows 10

Windows 8.1

Windows Rt 8.1

Windows Server 2012

Windows Server 2016

PT-2017-2914 · Microsoft · Windows Server 2016+5

CVE-2017-8692

Weakness Enumeration

Related Identifiers

Affected Products

References · 9