Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
http://www.securityfocus.com/bid/100773
http://www.securitytracker.com/id/1039344
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695
Source: MITRE
Published: 2017-09-13
Updated: 2017-09-21
Type: CWE-200
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.6
Severity: MEDIUM
OR
cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*
cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
104385 | KB4038781: Windows 10 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
103140 | Windows 2008 September 2017 Multiple Security Updates | Nessus | Windows : Microsoft Bulletins | high |
103135 | Security Updates for Microsoft Office Viewers (September 2017) | Nessus | Windows : Microsoft Bulletins | high |
103133 | Security Updates for Microsoft Office Products (September 2017) | Nessus | Windows : Microsoft Bulletins | high |
103132 | Windows Server 2012 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
103131 | Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
103130 | KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
103129 | KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
103128 | KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update | Nessus | Windows : Microsoft Bulletins | high |
103127 | Windows 7 and Windows Server 2008 R2 September 2017 Security Updates | Nessus | Windows : Microsoft Bulletins | high |
103123 | Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017) | Nessus | Windows : Microsoft Bulletins | high |