Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0088 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Windows Uniscribe

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

8.8HIGHNVD

EPSS

24.0%

top 3.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Windows Uniscribe Microsoft Windows Server 2008

Timeline

PublishedMar 17

Latest updateMay 17

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5microsoft_corporation/windows_uniscribeUniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, and Windows 7 SP1

▶NVDmicrosoft/windowsr2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xvmw-q2r3-mqwr: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via↗2022-05-17

▶

Project0

Notes on Windows Uniscribe Fuzzing - Project Zero↗2017-04-01

▶

CVEList

CVE-2017-0088: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via↗2017-03-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)↗2017-03-20

▶

📋Vendor Advisories

Microsoft

Windows Uniscribe Remote Code Execution Vulnerability↗2017-03-14

▶