CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2017-0283 | Windows Uniscribe Remote Code Execution Vulnerability | Microsoft Lync | Critical | 14-06-2017 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory.
Detailed Information on the risk:
In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker’s website, or by opening an attachment sent through email.Further information on this exploit is available at : CVE-2017-0283
Affected Software
Microsoft Lync 2013 (32-bit) SP1Microsoft Lync 2013 (64-bit) SP1
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Word Viewer
Microsoft Silverlight 5 Developer Runtime
Microsoft Silverlight 5.0
Microsoft Skype for Business 2016 (32-bit)
Microsoft Skype for Business 2016 (64-bit)
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 10 version 1511 for 32-bit Systems
Microsoft Windows 10 version 1511 for x64-based Systems
Microsoft Windows 10 version 1703 for 32-bit Systems
Microsoft Windows 10 version 1703 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016