Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0120 — Sensitive Information Exposure in Corporation Windows Uniscribe

CWE-200 — Sensitive Information Exposure44 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

9.7%

top 7.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Windows Uniscribe Microsoft Windows 10 Microsoft Windows Server 2008 +10 more

Timeline

PublishedMar 17

Latest updateMay 17

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages12 packages

▶CVEListV5microsoft_corporation/windows_uniscribeUniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_2008_for_itanium-based_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-q6rh-jr96-j967: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio↗2022-05-17

▶

GHSA

GHSA-wjc2-v7mg-f28p: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio↗2022-05-17

▶

GHSA

GHSA-wfwg-wf3p-5jwf: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17

▶

GHSA

GHSA-c56p-68hf-4r62: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-17

▶

GHSA

GHSA-4jgc-p7rp-h26g: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive informatio↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)↗2017-03-20

▶

📋Vendor Advisories

Microsoft

Windows Uniscribe Information Disclosure Vulnerability↗2017-03-14

▶