CVE-2017-0014
published 2017-03-17CVE-2017-0014: The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows…
PriorityP355high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
EPSS
17.59%
96.8th percentile
The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | live_meeting | — | — |
| microsoft | lync | — | — |
| microsoft | lync | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | silverlight | — | — |
| microsoft | skype_for_business | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_graphics_component | — | — |
| msrc | microsoft_office_2010_service_pack_2 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_msrc6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qp4j-h89h-v85j: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meetin
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2017-0108 [HIGH] CWE-119 GHSA-qp4j-h89h-v85j: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meetin
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
GHSA
GHSA-2h2q-fhfv-pjvj: The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8
ghsa_unreviewed·2022-05-13·CVSS 7.8
CVE-2017-0014 [HIGH] GHSA-2h2q-fhfv-pjvj: The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8
The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.
VMware
VMware NSX-V Edge updates address OSPF Protocol LSA DoS
vendor_vmware·2017-08-10·CVSS 5.9
CVE-2017-4920 [MEDIUM] VMware NSX-V Edge updates address OSPF Protocol LSA DoS
VMSA-2017-0014: VMware NSX-V Edge updates address OSPF Protocol LSA DoS
a. VMware NSX-V Edge OSPF Protocol LSA Denial of Service VMware NSX-V implementation of the OSPF protocol doesn’t correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. Note: The issue cannot be exploited in case the OSPF protocol is not configured. At setup time, no particular protocol is configured. For more information on static and dynamic routing for NSX Edge refer to the NSX Administration Guide, section Logical Router. VMware would like to thank Adi Sosnovich, Orna Grumberg and Gabi Nakibly for reporting this issue to us. The Common Vulnerabilities and Exposures project
Microsoft
Windows Graphics Component Remote Code Execution Vulnerability
vendor_msrc·2017-03-14·CVSS 6.4
CVE-2017-0014 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability
Windows Graphics Component Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view
No detection rules found.
No public exploits indexed.
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
# March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro
2017/03/15
Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB). This vulnerability potentially allows cyber criminals to render affected system
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Ausnutzung von Schwachstellen
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Sfruttamento vulnerabilità
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits y vulnerabilidades
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected s
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro 2017/03/15 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected syst
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-14-2017
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 03-14-2017
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5
bugzilla·2016-10-12·CVSS 7.8
CVE-2016-8602 [HIGH] CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5
CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5
If you call .sethalftone5 with an empty operand stack, ghostscript crashes. This flaw could be exploitable
Upstream bug :
- Bug 697203 - NULL dereference in .sethalftone5
http://bugs.ghostscript.com/show_bug.cgi?id=697203
Upstream patch :
- Bug 697203: check for sufficient params in .sethalftone5
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
Reference :
http://seclists.org/oss-sec/2016/q4/98
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1383941]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0014 https://rhn.redhat.com/errata/RHSA-2017-0014.html
---
This issue has been addressed in the fo
Bugzilla
CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER
bugzilla·2016-09-29·CVSS 5.5
CVE-2013-5653 [MEDIUM] CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER
CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER
It was found that getenv and filenameforall ignore -dSAFER possibly allowing filesystem enumeration.
Upstream bug:
http://bugs.ghostscript.com/show_bug.cgi?id=694724
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
Reference:
http://seclists.org/oss-sec/2016/q3/651
Reproducer:
%!PS
(HOME) getenv { print (\n) print } { (variable not found\n) print } ifelse
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1390486]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0014 https://rhn.redhat.com/errata/RHSA-2017-0014.html
---
This issue has been addressed in the
Bugzilla
CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER
bugzilla·2016-09-29·CVSS 5.5
CVE-2016-7977 [MEDIUM] CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER
CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER
It was found that .libfile can be used to access arbitrary files on the file system.
PoC:
http://www.openwall.com/lists/oss-security/2016/09/29/3
Upstream bug:
http://bugs.ghostscript.com/show_bug.cgi?id=697169
Upstream fix:
http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=cf046d2
Discussion:
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1380416]
---
CVE assignment:
http://seclists.org/oss-sec/2016/q4/37
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2017:0014 https://rhn.redhat.com/errata/RHSA-2017-0014.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:0013
http://www.securityfocus.com/bid/96013http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/http://www.securityfocus.com/bid/96013http://www.securitytracker.com/id/1038002https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9/
2017-03-17
Published