Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0118Sensitive Information Exposure in Corporation Windows Uniscribe

CWE-200Sensitive Information Exposure62 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
12.4%
top 6.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft Corporation Windows UniscribeMicrosoft Windows 10Microsoft Windows Server 2008+1 more
Timeline
PublishedMar 17
Latest updateMay 17

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116,

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5microsoft_corporation/windows_uniscribeUniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016, Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1+1
NVDmicrosoft/windows_101511, 1607+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

40
GHSA
GHSA-q6rh-jr96-j967: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio2022-05-17
GHSA
GHSA-wjc2-v7mg-f28p: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio2022-05-17
GHSA
GHSA-wfwg-wf3p-5jwf: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-c56p-68hf-4r62: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-4jgc-p7rp-h26g: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)2017-03-20

📋Vendor Advisories

1
Microsoft
Windows Uniscribe Information Disclosure Vulnerability2017-03-14