CVE-2017-11762
published 2017-10-13CVE-2017-11762: The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1…
PriorityP357high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
17.15%
96.7th percentile
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | microsoft_graphics_component | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2017-11762 can be exploited via a browser by hosting a specially crafted website with malicious embedded fonts, or via a malicious document file attachment — monitor for suspicious font-loading activity in browser and Office processes. ↗
- →The vulnerability is triggered by specially crafted embedded fonts processed by the Windows font library — inspect documents and web content for anomalous embedded font structures (e.g., malformed OTF/TTF). ↗
- →File-sharing / spear-phishing delivery vector: attacker sends a specially crafted document via email — monitor email attachments and document opens that trigger font parsing in the Windows Graphics Component. ↗
- →CVE-2017-11762 is exploitable through a browser or malicious file — prioritize detection on workstation-type systems that use email and access the internet via a browser. ↗
- ·Microsoft rates exploitation as 'More Likely' for both latest and older software releases, but as of the advisory there is no confirmed in-the-wild exploitation or public exploit code for CVE-2017-11762. ↗
- ·CVE-2017-11762 is distinct from the closely related CVE-2017-11763, which affects the same Windows font library component — ensure detections and patches address both CVEs independently. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v5jq-x7gc-x4mv: The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2017-11762 [HIGH] CWE-20 GHSA-v5jq-x7gc-x4mv: The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.
Microsoft
Microsoft Graphics Remote Code Execution Vulnerability
vendor_msrc·2017-10-10·CVSS 8.1
CVE-2017-11762 [HIGH] Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view
No detection rules found.
No public exploits indexed.
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities | Qualys
blogs_qualys·2017-10-10·CVSS 8.8
CVE-2017-11826 [HIGH] October Patch Tuesday: 28 Critical Microsoft Vulnerabilities | Qualys
Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.
Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” and is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
blogs_qualys·2017-10-10·CVSS 8.8
CVE-2017-11826 [HIGH] October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.
Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826 , which Microsoft has ranked as “Important” and is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771 , which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SM
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
## Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated Critical The following vulnerabilities are rated "Critical" by Microsoft:
CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2017-11763 - Microsoft G
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated CriticalThe following vulnerabilities are rated "Critical" by Microsoft:
- CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerabi
http://www.securityfocus.com/bid/101108http://www.securitytracker.com/id/1039536https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11762http://www.securityfocus.com/bid/101108http://www.securitytracker.com/id/1039536https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11762
2017-10-13
Published