Information disclosure in Microsoft products - CVE-2017-8695
Published: September 12, 2017 / Updated: September 12, 2017
Vulnerability identifier: #VU8307
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8695
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Windows
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. A remote attacker can create a specially crafted document or web page, trick the victim into opening it and gain access to potentially sensitive information.
How to mitigate CVE-2017-8695
Install updates from vendor's website.