CVE-2017-0083
published 2017-03-17CVE-2017-0083: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted…
PriorityP272high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
42.55%
98.5th percentile
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_uniscribe | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists in Windows Uniscribe due to improper handling of objects in memory; monitor for exploitation via specially crafted websites or document files delivered through web-based or file-sharing attack vectors. ↗
- →Web-based attack vector: attacker hosts a specially crafted website and lures users via links in email or instant messages; monitor for suspicious outbound web traffic to attacker-controlled sites from Uniscribe-processing contexts. ↗
- →File-sharing attack vector: attacker delivers a specially crafted document file; monitor for suspicious document opens that trigger Uniscribe processing (e.g., unusual usp10.dll activity). ↗
- ·Exploit status at time of advisory: not publicly disclosed and not exploited in the wild; exploitation rated 'Less Likely' for older software releases. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q7rp-jvf2-fq2v: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0086 [HIGH] CWE-119 GHSA-q7rp-jvf2-fq2v: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
GHSA
GHSA-g4w4-g4r3-jrr5: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0089 [HIGH] CWE-119 GHSA-g4w4-g4r3-jrr5: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.
GHSA
GHSA-x9c6-jqxq-vwrw: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0090 [HIGH] CWE-119 GHSA-x9c6-jqxq-vwrw: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.
GHSA
GHSA-qf37-gphv-4f4r: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0087 [HIGH] CWE-119 GHSA-qf37-gphv-4f4r: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
GHSA
GHSA-4rj2-gx5j-44h9: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0083 [HIGH] CWE-119 GHSA-4rj2-gx5j-44h9: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
GHSA
GHSA-6c4j-fhmx-54hj: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-17·CVSS 8.8
CVE-2017-0084 [HIGH] CWE-119 GHSA-6c4j-fhmx-54hj: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
GHSA
GHSA-ff7j-h456-75gj: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2017-0072 [HIGH] CWE-119 GHSA-ff7j-h456-75gj: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
Project0
Notes on Windows Uniscribe Fuzzing - Project Zero
project_zero·2017-04-01
CVE-2016-7274 Notes on Windows Uniscribe Fuzzing - Project Zero
Posted by Mateusz Jurczyk of Google Project Zero
Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the March Patch Tuesday a few weeks ago, there were 29 bugs reported by us in the font-handling code of the Uniscribe library. Admittedly the subject of font-related security has already been extensively discussed on this blog both in the context of manual analysis [1][2] and fuzzing [3][4]. However, what makes this effort a bit different from the previous ones is the fact that Uniscribe is a little-known user-mode component, which had not been widely recognized as a viable attack vector before, as opposed to the kernel-mode font implementations included in the win32k.sys and ATMFD.DLL drivers. In this post, we outline a brief history and description of Uniscribe, expla
Microsoft
Windows Uniscribe Remote Code Execution Vulnerability
vendor_msrc·2017-03-14·CVSS 8.8
CVE-2017-0083 [HIGH] Windows Uniscribe Remote Code Execution Vulnerability
Windows Uniscribe Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit this vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker wou
No detection rules found.
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
# March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro
2017/03/15
Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB). This vulnerability potentially allows cyber criminals to render affected system
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Ausnutzung von Schwachstellen
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Sfruttamento vulnerabilità
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits y vulnerabilidades
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected s
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro 2017/03/15 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected syst
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins
blogs_trendmicro·2017-03-15·CVSS 7.8
CVE-2017-0016 [HIGH] March 2017 Patch Tuesday: 18 Security Bulletins
Exploits & Vulnerabilities
## March 2017 Patch Tuesday: 18 Security Bulletins
Patch Tuesday for March is hefty, with essentially two months’ worth of updates after Microsoft delayed its February patch release. Notable among the critical bulletins is MS17-012, which resolves several vulnerabilities including CVE-2017-0016.
By: Trend Micro Mar 15, 2017 Read time: ( words)
Save to Folio
Patch Tuesday for March is a hefty one, with essentially two months’ worth of updates after Microsoft quietly delayed its February patch release. Notable among the critical bulletins is MS17-012 , which resolves several vulnerabilities including CVE-2017-0016, a zero-day vulnerability involving Windows Server Message Block (SMB) . This vulnerability potentially allows cyber criminals to render affected sy
http://www.securityfocus.com/bid/96608http://www.securitytracker.com/id/1037992https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083https://www.exploit-db.com/exploits/41655/http://www.securityfocus.com/bid/96608http://www.securitytracker.com/id/1037992https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083https://www.exploit-db.com/exploits/41655/
2017-03-17
Published