Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8528: Windows Uniscribe Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-8528: Windows Uniscribe Remote Code Execution Vulnerability

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
06/13/2017
Created
07/25/2018
Added
06/13/2017
Modified
09/06/2024

Description

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283.

Solution(s)

  • microsoft-windows-windows_server_2012-kb4022718
  • microsoft-windows-windows_server_2012_r2-kb4022717
  • msft-kb3191828-1d26cddd-003b-45cc-a794-df5abbfb2d55
  • msft-kb3191848-116a8e51-d9e9-4cd8-8604-8f311aedb603
  • msft-kb3191848-52a1b49d-02e3-4ecb-b4a1-2712b84938db
  • msft-kb4022717-1d805e7c-215a-4c96-8b39-3829bd2e02d0
  • msft-kb4022717-6abad12a-fc3f-4352-81f7-453e305f13ed
  • msft-kb4022718-185fb91c-8006-4eeb-81f1-611113a80509
  • msft-kb4022718-5cc34e54-998c-4120-ba8a-d528309738f8
  • msft-kb4022722-0fff3ada-3205-441e-9f7f-f9e0198a32ce
  • msft-kb4022722-4182f860-3205-4b8d-bf9d-4b0b93f34adc
  • msft-kb4022722-61851a6d-1717-4861-801a-461e772cb312
  • msft-kb4022722-65224535-330e-42bd-8e35-824c878ec11a
  • msft-kb4022722-657cd92e-a4a3-4319-a954-52bedeef4cfc
  • msft-kb4022722-e181eaef-054e-4b52-a00f-503b91461f68
  • msft-kb4022884-2c816140-0ae2-4183-977f-d9838ecdb5e0
  • msft-kb4022884-7bf3327f-6d21-41f4-9c44-4f1b49489b7d
  • msft-kb4022884-d8e5bd1f-599e-49b7-9a05-ac81340539a2
  • msft-kb4022884-fe033275-cba9-4346-9527-a17c52a296f5

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;