KB4023307: Security Update for the Windows Uniscribe Remote Code Execution Vulnerability for Microsoft Silverlight 5 (June 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A web application framework running on the remote host is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Silverlight 5 installed on the remote Windows host is
missing security update KB4023307. It is, therefore, affected by
multiple vulnerabilities :

- A remote code execution vulnerability exists in
Windows Uniscribe software due to improper handling of
objects in memory. An unauthenticated, remote attacker
can exploit this, by convincing a user to visit a
specially crafted website or to open a specially crafted
document file, to execute arbitrary code in the context
of the current user. (CVE-2017-0283)

- A remote code execution vulnerability exists in the
Windows font library due to improper handling of
embedded fonts. An unauthenticated, remote attacker can
exploit this, by convincing a user to visit a specially
crafted website or open a specially crafted Microsoft
document, to execute arbitrary code in the context of
the current user. (CVE-2017-8527)

See also :

http://www.nessus.org/u?73572b10
http://www.nessus.org/u?36ab262f
http://www.nessus.org/u?5c2ca141

Solution :

Apply security update KB4023307.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 100767

Bugtraq ID: 98920, 98933

CVE ID: CVE-2017-0283, CVE-2017-8527
