CVE-2017-0108

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Средний

Описание

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

Ссылки

http://www.securityfocus.com/bid/96722
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41647/
http://www.securityfocus.com/bid/96722
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/41647/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.39113

Средний

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-0108

CVSS3: 8.8

msrc

больше 8 лет назад

Windows Graphics Component Remote Code Execution Vulnerability

GHSA-qp4j-h89h-v85j