#VU8307 Information disclosure in Microsoft products - CVE-2017-8695
Published: September 12, 2017 / Updated: September 12, 2017
Vulnerability identifier: #VU8307
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8695
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Windows
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Lync Attendee
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. A remote attacker can create a specially crafted document or web page, trick the victim into opening it and gain access to potentially sensitive information.
Remediation
Install updates from vendor's website.