CVE-2017-8695MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
References
http://www.securityfocus.com/bid/100773
http://www.securitytracker.com/id/1039344
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695
Details
Source: MITRE
Published: 2017-09-13
Updated: 2017-09-21
Type: CWE-200
Risk Information
CVSS v2
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW
CVSS v3
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.6
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 104385 | KB4038781: Windows 10 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
| 103140 | Windows 2008 September 2017 Multiple Security Updates | Nessus | Windows : Microsoft Bulletins | high |
| 103135 | Security Updates for Microsoft Office Viewers (September 2017) | Nessus | Windows : Microsoft Bulletins | high |
| 103133 | Security Updates for Microsoft Office Products (September 2017) | Nessus | Windows : Microsoft Bulletins | high |
| 103132 | Windows Server 2012 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
| 103131 | Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
| 103130 | KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
| 103129 | KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
| 103128 | KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
| 103127 | Windows 7 and Windows Server 2008 R2 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
| 103123 | Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017) | Nessus | Windows : Microsoft Bulletins | high |