CVE-2017-8691

Опубликовано: 08 авг. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Средний

Описание

Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."

Ссылки

http://www.securityfocus.com/bid/100090
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039096
Third Party Advisory
VDB Entry
https://fortiguard.com/zeroday/FG-VD-17-142
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8691
Patch
Vendor Advisory
http://www.securityfocus.com/bid/100090
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039096
Third Party Advisory
VDB Entry
https://fortiguard.com/zeroday/FG-VD-17-142
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8691
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.41218

Средний

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2017-8691

CVSS3: 5

msrc

почти 8 лет назад

Express Compressed Fonts Remote Code Execution Vulnerability

GHSA-wwvx-xw8g-3vv3