Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-8696 (GCVE-0-2017-8696)
Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-08-05 16:41
VLAI?
EPSS
Summary
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:24.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1039344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"name": "100780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1039344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"name": "100780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039344"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"name": "100780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8696",
"datePublished": "2017-09-13T01:00:00",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-08-05T16:41:24.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0BB045C-AAC8-42F2-84A9-062630FA14E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F83FB32-9775-418B-99A7-EC1FEA345F26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*\", \"matchCriteriaId\": \"EE98CEE9-200B-494A-B645-D14ACB577250\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B854E18-7CB0-43F7-9EBF-E356FA176B2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AF1FCE5-BA29-4968-ADE4-0500B50ADDF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABC68ECB-4FB5-4702-A16D-77A36A715BA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8235774-4B57-4793-BE26-2CDE67532EDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C64B2636-8F96-48BA-921F-A8FA0E62DE63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D499807D-91F3-447D-B9F0-D612898C9339\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7519928D-0FF2-4584-8058-4C7764CD5671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C28897B-044A-447B-AD76-6397F8190177\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \\\"Microsoft Graphics Component Remote Code Execution.\\\"\"}, {\"lang\": \"es\", \"value\": \"El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Add-in y Console permite que un atacante ejecute c\\u00f3digo remotamente mediante una p\\u00e1gina web, un documento o archivo de correo adjunto especialmente manipulados. Esto tambi\\u00e9n se conoce como \\\"Microsoft Graphics Component Remote Code Execution\\\".\"}]",
"id": "CVE-2017-8696",
"lastModified": "2024-11-21T03:34:31.337",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-09-13T01:29:10.380",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/100780\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039344\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-8696\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2017-09-13T01:29:10.380\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \\\"Microsoft Graphics Component Remote Code Execution.\\\"\"},{\"lang\":\"es\",\"value\":\"El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Add-in y Console permite que un atacante ejecute c\u00f3digo remotamente mediante una p\u00e1gina web, un documento o archivo de correo adjunto especialmente manipulados. Esto tambi\u00e9n se conoce como \\\"Microsoft Graphics Component Remote Code Execution\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0BB045C-AAC8-42F2-84A9-062630FA14E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F83FB32-9775-418B-99A7-EC1FEA345F26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*\",\"matchCriteriaId\":\"EE98CEE9-200B-494A-B645-D14ACB577250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B854E18-7CB0-43F7-9EBF-E356FA176B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF1FCE5-BA29-4968-ADE4-0500B50ADDF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABC68ECB-4FB5-4702-A16D-77A36A715BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8235774-4B57-4793-BE26-2CDE67532EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C64B2636-8F96-48BA-921F-A8FA0E62DE63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D499807D-91F3-447D-B9F0-D612898C9339\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7519928D-0FF2-4584-8058-4C7764CD5671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C28897B-044A-447B-AD76-6397F8190177\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100780\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039344\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2017-AVI-297
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 16 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Lync 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | N/A | Microsoft Lync 2010 Attendee (installation niveau utilisateur) | ||
| Microsoft | N/A | Microsoft Lync 2010 Attendee (installation niveau administrateur) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 6 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 17 | ||
| Microsoft | N/A | Microsoft Live Meeting 2007 Add-in | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Service Pack 1 | ||
| Microsoft | N/A | Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | N/A | Microsoft Lync 2010 (64 bits) | ||
| Microsoft | N/A | Microsoft Publisher 2007 Service Pack 3 | ||
| Microsoft | N/A | Microsoft Live Meeting 2007 Console | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 5 | ||
| Microsoft | N/A | Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | N/A | Skype pour Business 2016 Basic (32 et 64 bits) | ||
| Microsoft | N/A | Xamarin.iOS | ||
| Microsoft | N/A | Microsoft Lync 2010 (32 bits) | ||
| Microsoft | N/A | Skype pour Business 2016 (32 et 64 bits) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 Attendee (installation niveau utilisateur)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 Attendee (installation niveau administrateur)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Live Meeting 2007 Add-in",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Service Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2007 Service Pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Live Meeting 2007 Console",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 Basic (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Xamarin.iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8758",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8758"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8658"
},
{
"name": "CVE-2017-8665",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8665"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8725"
},
{
"name": "CVE-2017-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11761"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-297",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-295
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une divulgation d'informations, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 7 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes Itanium Service Pack 2 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes Itanium Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8706"
},
{
"name": "CVE-2017-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8713"
},
{
"name": "CVE-2017-8678",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8678"
},
{
"name": "CVE-2017-8686",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8686"
},
{
"name": "CVE-2017-8728",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8728"
},
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8688"
},
{
"name": "CVE-2017-8711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8711"
},
{
"name": "CVE-2017-8702",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8702"
},
{
"name": "CVE-2017-8708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8708"
},
{
"name": "CVE-2017-8707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8707"
},
{
"name": "CVE-2017-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8714"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-8682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8682"
},
{
"name": "CVE-2017-8746",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8746"
},
{
"name": "CVE-2017-8679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8679"
},
{
"name": "CVE-2017-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8628"
},
{
"name": "CVE-2017-8692",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8692"
},
{
"name": "CVE-2017-8681",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8681"
},
{
"name": "CVE-2017-8685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8685"
},
{
"name": "CVE-2017-8684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8684"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8720"
},
{
"name": "CVE-2017-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8710"
},
{
"name": "CVE-2017-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8677"
},
{
"name": "CVE-2017-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0161"
},
{
"name": "CVE-2017-8699",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8699"
},
{
"name": "CVE-2017-8680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8680"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8719",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8719"
},
{
"name": "CVE-2017-8704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8704"
},
{
"name": "CVE-2017-8687",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8687"
},
{
"name": "CVE-2017-8712",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8712"
},
{
"name": "CVE-2017-8716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8716"
},
{
"name": "CVE-2017-8737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8737"
},
{
"name": "CVE-2017-8683",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8683"
},
{
"name": "CVE-2017-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8675"
},
{
"name": "CVE-2017-8709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8709"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-295",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une divulgation d\u0027informations, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-294
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une divulgation d'informations et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft SharePoint Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft PowerPoint 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Office Web Apps Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft PowerPoint 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft PowerPoint 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Excel Services | ||
| Microsoft | Office | Office Online Server | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft Office Web Apps 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office Compatibility Pack Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel pour Mac 2011 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office Web Apps 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft Excel 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel Viewer 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel Web App 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office pour Mac 2011 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint Viewer 2007 | ||
| Microsoft | Office | Microsoft Excel 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 pour Mac | ||
| Microsoft | Office | Microsoft PowerPoint 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office Word Viewer |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Excel Services",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Compatibility Pack Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel pour Mac 2011",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel Viewer 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel Web App 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Mac 2011",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint Viewer 2007",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Word Viewer",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8631",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8631"
},
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8742"
},
{
"name": "CVE-2017-8567",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8567"
},
{
"name": "CVE-2017-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8743"
},
{
"name": "CVE-2017-8682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8682"
},
{
"name": "CVE-2017-8629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8629"
},
{
"name": "CVE-2017-8744",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8744"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8630",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8630"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8632"
},
{
"name": "CVE-2017-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8745"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-294",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une divulgation d\u0027informations\net une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-295
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une divulgation d'informations, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code à distance, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 7 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1703 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes Itanium Service Pack 2 | ||
| Microsoft | Windows | Windows 8.1 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 1511 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 7 pour systèmes 32 bits Service Pack 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes Itanium Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1703 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1511 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 pour syst\u00e8mes 32 bits Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8706"
},
{
"name": "CVE-2017-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8713"
},
{
"name": "CVE-2017-8678",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8678"
},
{
"name": "CVE-2017-8686",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8686"
},
{
"name": "CVE-2017-8728",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8728"
},
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8688",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8688"
},
{
"name": "CVE-2017-8711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8711"
},
{
"name": "CVE-2017-8702",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8702"
},
{
"name": "CVE-2017-8708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8708"
},
{
"name": "CVE-2017-8707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8707"
},
{
"name": "CVE-2017-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8714"
},
{
"name": "CVE-2017-9417",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9417"
},
{
"name": "CVE-2017-8682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8682"
},
{
"name": "CVE-2017-8746",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8746"
},
{
"name": "CVE-2017-8679",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8679"
},
{
"name": "CVE-2017-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8628"
},
{
"name": "CVE-2017-8692",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8692"
},
{
"name": "CVE-2017-8681",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8681"
},
{
"name": "CVE-2017-8685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8685"
},
{
"name": "CVE-2017-8684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8684"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8720"
},
{
"name": "CVE-2017-8710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8710"
},
{
"name": "CVE-2017-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8677"
},
{
"name": "CVE-2017-0161",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0161"
},
{
"name": "CVE-2017-8699",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8699"
},
{
"name": "CVE-2017-8680",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8680"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8719",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8719"
},
{
"name": "CVE-2017-8704",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8704"
},
{
"name": "CVE-2017-8687",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8687"
},
{
"name": "CVE-2017-8712",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8712"
},
{
"name": "CVE-2017-8716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8716"
},
{
"name": "CVE-2017-8737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8737"
},
{
"name": "CVE-2017-8683",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8683"
},
{
"name": "CVE-2017-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8675"
},
{
"name": "CVE-2017-8709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8709"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-295",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une divulgation d\u0027informations, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-297
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 16 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Microsoft Lync 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | N/A | Microsoft Lync 2010 Attendee (installation niveau utilisateur) | ||
| Microsoft | N/A | Microsoft Lync 2010 Attendee (installation niveau administrateur) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 6 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 17 | ||
| Microsoft | N/A | Microsoft Live Meeting 2007 Add-in | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Service Pack 1 | ||
| Microsoft | N/A | Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | N/A | Microsoft Lync 2010 (64 bits) | ||
| Microsoft | N/A | Microsoft Publisher 2007 Service Pack 3 | ||
| Microsoft | N/A | Microsoft Live Meeting 2007 Console | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 5 | ||
| Microsoft | N/A | Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | N/A | Skype pour Business 2016 Basic (32 et 64 bits) | ||
| Microsoft | N/A | Xamarin.iOS | ||
| Microsoft | N/A | Microsoft Lync 2010 (32 bits) | ||
| Microsoft | N/A | Skype pour Business 2016 (32 et 64 bits) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 Attendee (installation niveau utilisateur)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 Attendee (installation niveau administrateur)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Live Meeting 2007 Add-in",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Service Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Basic 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2007 Service Pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Live Meeting 2007 Console",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 Basic (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Xamarin.iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2010 (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 (32 et 64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8758",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8758"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8658"
},
{
"name": "CVE-2017-8665",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8665"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8725"
},
{
"name": "CVE-2017-11761",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11761"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-297",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges et une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
CERTFR-2017-AVI-294
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une divulgation d'informations et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft SharePoint Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft PowerPoint 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Office Web Apps Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft PowerPoint 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft PowerPoint 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Excel Services | ||
| Microsoft | Office | Office Online Server | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft Office Web Apps 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office Compatibility Pack Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel pour Mac 2011 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office Web Apps 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft Excel 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel Viewer 2007 Service Pack 3 | ||
| Microsoft | Office | Microsoft Excel Web App 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office pour Mac 2011 | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint Viewer 2007 | ||
| Microsoft | Office | Microsoft Excel 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 pour Mac | ||
| Microsoft | Office | Microsoft PowerPoint 2013 Service Pack 1 (32 et 64 bits) | ||
| Microsoft | Office | Microsoft Office Word Viewer |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Excel Services",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Compatibility Pack Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel pour Mac 2011",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel Viewer 2007 Service Pack 3",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel Web App 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office pour Mac 2011",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint Viewer 2007",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 Service Pack 1 (32 et 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Word Viewer",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-8631",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8631"
},
{
"name": "CVE-2017-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8695"
},
{
"name": "CVE-2017-8742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8742"
},
{
"name": "CVE-2017-8567",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8567"
},
{
"name": "CVE-2017-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8743"
},
{
"name": "CVE-2017-8682",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8682"
},
{
"name": "CVE-2017-8629",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8629"
},
{
"name": "CVE-2017-8744",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8744"
},
{
"name": "CVE-2017-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8696"
},
{
"name": "CVE-2017-8630",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8630"
},
{
"name": "CVE-2017-8676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8676"
},
{
"name": "CVE-2017-8632",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8632"
},
{
"name": "CVE-2017-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8745"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-294",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Divulgation d\u0027informations"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une divulgation d\u0027informations\net une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
GSD-2017-8696
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-8696",
"description": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"",
"id": "GSD-2017-8696"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-8696"
],
"details": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"",
"id": "GSD-2017-8696",
"modified": "2023-12-13T01:21:08.250432Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039344",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039344"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"name": "100780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100780"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8696"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"name": "100780",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100780"
},
{
"name": "1039344",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039344"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-09-21T18:47Z",
"publishedDate": "2017-09-13T01:29Z"
}
}
}
FKIE_CVE-2017-8696
Vulnerability from fkie_nvd - Published: 2017-09-13 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100780 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1039344 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100780 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039344 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | live_meeting | 2007 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2013 | |
| microsoft | office_2007 | - | |
| microsoft | office_2010 | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_word_viewer | - | |
| microsoft | skype_for_business | 2016 | |
| microsoft | windows_7 | * | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BB045C-AAC8-42F2-84A9-062630FA14E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "0F83FB32-9775-418B-99A7-EC1FEA345F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*",
"matchCriteriaId": "EE98CEE9-200B-494A-B645-D14ACB577250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8B854E18-7CB0-43F7-9EBF-E356FA176B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2007:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "8AF1FCE5-BA29-4968-ADE4-0500B50ADDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2010:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ABC68ECB-4FB5-4702-A16D-77A36A715BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A8235774-4B57-4793-BE26-2CDE67532EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C64B2636-8F96-48BA-921F-A8FA0E62DE63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "D499807D-91F3-447D-B9F0-D612898C9339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
},
{
"lang": "es",
"value": "El componente Uniscribe de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 y 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Add-in y Console permite que un atacante ejecute c\u00f3digo remotamente mediante una p\u00e1gina web, un documento o archivo de correo adjunto especialmente manipulados. Esto tambi\u00e9n se conoce como \"Microsoft Graphics Component Remote Code Execution\"."
}
],
"id": "CVE-2017-8696",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-13T01:29:10.380",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100780"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039344"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JF8W-75QW-9PQ5
Vulnerability from github – Published: 2022-05-17 00:50 – Updated: 2022-05-17 00:50
VLAI?
Details
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2017-8696"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-13T01:29:00Z",
"severity": "HIGH"
},
"details": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\"",
"id": "GHSA-jf8w-75qw-9pq5",
"modified": "2022-05-17T00:50:14Z",
"published": "2022-05-17T00:50:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8696"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100780"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CNVD-2017-33466
Vulnerability from cnvd - Published: 2017-11-10
VLAI Severity ?
Title
多款Microsoft产品Uniscribe远程代码执行漏洞
Description
Microsoft Windows Server 2008 SP2等都是美国微软(Microsoft)公司的产品。Microsoft Windows Server 2008 SP2等是一系列操作系统;Office 2010 SP2是一套办公软件套件;Word Viewer是一套免费的Office Word文档查看器。Uniscribe是其中的一个能够使Windows操作系统正确演示Unicode文字的组件。
多款Microsoft产品中的Uniscribe存在远程代码执行漏洞。远程攻击者可借助特制的网站、文档或邮件附件利用该漏洞执行代码。
Severity
高
Patch Name
多款Microsoft产品Uniscribe远程代码执行漏洞的补丁
Patch Description
Microsoft Windows Server 2008 SP2等都是美国微软(Microsoft)公司的产品。Microsoft Windows Server 2008 SP2等是一系列操作系统;Office 2010 SP2是一套办公软件套件;Word Viewer是一套免费的Office Word文档查看器。Uniscribe是其中的一个能够使Windows操作系统正确演示Unicode文字的组件。
多款Microsoft产品中的Uniscribe存在远程代码执行漏洞。远程攻击者可借助特制的网站、文档或邮件附件利用该漏洞执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-8696
Impacted products
| Name | ['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Office 2007 SP3', 'Microsoft Office Word Viewer null', 'Microsoft Lync 2010', 'Microsoft Office for Mac 2011', 'Microsoft Office 2010 SP2', 'Microsoft Lync 2013 SP1', 'Microsoft Skype for Business 2016', 'Microsoft Lync 2010 Attendee', 'Microsoft Live Meeting 2007 Console', 'Microsoft Office for Mac 2016'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-8696"
}
},
"description": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Windows Server 2008 SP2\u7b49\u662f\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\uff1bOffice 2010 SP2\u662f\u4e00\u5957\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\uff1bWord Viewer\u662f\u4e00\u5957\u514d\u8d39\u7684Office Word\u6587\u6863\u67e5\u770b\u5668\u3002Uniscribe\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u80fd\u591f\u4f7fWindows\u64cd\u4f5c\u7cfb\u7edf\u6b63\u786e\u6f14\u793aUnicode\u6587\u5b57\u7684\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eMicrosoft\u4ea7\u54c1\u4e2d\u7684Uniscribe\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u3001\u6587\u6863\u6216\u90ae\u4ef6\u9644\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
"discovererName": "Microsoft",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33466",
"openTime": "2017-11-10",
"patchDescription": "Microsoft Windows Server 2008 SP2\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Windows Server 2008 SP2\u7b49\u662f\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\uff1bOffice 2010 SP2\u662f\u4e00\u5957\u529e\u516c\u8f6f\u4ef6\u5957\u4ef6\uff1bWord Viewer\u662f\u4e00\u5957\u514d\u8d39\u7684Office Word\u6587\u6863\u67e5\u770b\u5668\u3002Uniscribe\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u80fd\u591f\u4f7fWindows\u64cd\u4f5c\u7cfb\u7edf\u6b63\u786e\u6f14\u793aUnicode\u6587\u5b57\u7684\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eMicrosoft\u4ea7\u54c1\u4e2d\u7684Uniscribe\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7f51\u7ad9\u3001\u6587\u6863\u6216\u90ae\u4ef6\u9644\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eMicrosoft\u4ea7\u54c1Uniscribe\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft Windows Server 2008 R2 SP1",
"Microsoft Windows Server 2008 SP2",
"Microsoft Windows 7 SP1",
"Microsoft Office 2007 SP3",
"Microsoft Office Word Viewer null",
"Microsoft Lync 2010",
"Microsoft Office for Mac 2011",
"Microsoft Office 2010 SP2",
"Microsoft Lync 2013 SP1",
"Microsoft Skype for Business 2016",
"Microsoft Lync 2010 Attendee",
"Microsoft Live Meeting 2007 Console",
"Microsoft Office for Mac 2016"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-8696",
"serverity": "\u9ad8",
"submitTime": "2017-09-13",
"title": "\u591a\u6b3eMicrosoft\u4ea7\u54c1Uniscribe\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…