Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0285: Windows Uniscribe Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0285: Windows Uniscribe Information Disclosure Vulnerability

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

06/13/2017

Created

07/25/2018

Added

06/13/2017

Modified

11/18/2021

Description

An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.

Solution(s)

msft-kb3191828-1d26cddd-003b-45cc-a794-df5abbfb2d55
msft-kb3191848-116a8e51-d9e9-4cd8-8604-8f311aedb603
msft-kb3191848-52a1b49d-02e3-4ecb-b4a1-2712b84938db
msft-kb3203484-c0da140b-f805-4272-a17f-624b91cc9b61
msft-kb4022714-63569ab7-c77a-4436-a691-ad182bf54b54
msft-kb4022714-a6c6864b-39ee-4a25-8c19-fdf5df77f49c
msft-kb4022715-5628b4c3-1451-4233-a111-f48f4eecac09
msft-kb4022715-8436b0ac-13c3-4047-9c60-e1fdba6cf918
msft-kb4022715-96c2ded2-ca08-466e-8d52-1f28a54d49d5
msft-kb4022717-1d805e7c-215a-4c96-8b39-3829bd2e02d0
msft-kb4022717-6abad12a-fc3f-4352-81f7-453e305f13ed
msft-kb4022717-7b6c010d-36ea-4bb4-9d06-9e44c1235690
msft-kb4022718-185fb91c-8006-4eeb-81f1-611113a80509
msft-kb4022718-5cc34e54-998c-4120-ba8a-d528309738f8
msft-kb4022718-8f05b935-4c68-4218-92fe-a734d28cc5e9
msft-kb4022722-0fff3ada-3205-441e-9f7f-f9e0198a32ce
msft-kb4022722-4182f860-3205-4b8d-bf9d-4b0b93f34adc
msft-kb4022722-61851a6d-1717-4861-801a-461e772cb312
msft-kb4022722-65224535-330e-42bd-8e35-824c878ec11a
msft-kb4022722-657cd92e-a4a3-4319-a954-52bedeef4cfc
msft-kb4022722-e181eaef-054e-4b52-a00f-503b91461f68
msft-kb4022725-06b477db-a2d9-4ada-a693-acd91267e8b4
msft-kb4022725-3a4111b7-7238-4b2d-b744-9537b1c6cdfc
msft-kb4022727-378b3f68-8c1f-410f-b1ed-46c1608edf57
msft-kb4022727-7da82164-b5fd-4735-b187-087b2f0fd24f
msft-kb4022884-2c816140-0ae2-4183-977f-d9838ecdb5e0
msft-kb4022884-7bf3327f-6d21-41f4-9c44-4f1b49489b7d
msft-kb4022884-d8e5bd1f-599e-49b7-9a05-ac81340539a2
msft-kb4022884-fe033275-cba9-4346-9527-a17c52a296f5

References

https://attackerkb.com/topics/cve-2017-0285
CVE - 2017-0285
3191828
3191848
3203484
4022714
4022715
4022717
4022718
4022719
4022722
4022724
4022725
4022726
4022727
4022884

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0285: Windows Uniscribe Information Disclosure Vulnerability

Microsoft CVE-2017-0285: Windows Uniscribe Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.