CVE-2017-0283 (CNNVD-201706-492)
中文标题:
多款Microsoft Windows产品Uniscribe 权限许可和访问控制问题漏洞
英文标题:
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gol...
漏洞描述
中文描述:
Microsoft Windows Server 2008 SP2等都是美国微软(Microsoft)公司的产品。Microsoft Windows Server 2008 SP2是一套用于服务器的操作系统;Microsoft Office 2007是一套办公软件;Microsoft Lync是一个企业整合沟通平台。Uniscribe(又名Unicode Script Processor)是其中的一个能够使Windows操作系统正确演示Unicode文字的组件。 多款Microsoft Windows产品中的Uniscribe存在远程代码执行漏洞。 远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码或造成拒绝服务。以下产品和版本受到影响:Microsoft Windows Server 2008 SP2和R2 SP1,Windows 7 SP1,Windows 8.1,Windows Server 2012 Gold和R2,Windows RT 8.1,Windows 10,Windows 10版本1511,Windows 10版本1607,Windows Server 2016;Microsoft Office 2007 SP3,Microsoft Office 2010 SP2,Microsoft Office Word Viewer;Microsoft Lync 2013 SP1;Skype for Business 2016;Microsoft Silverlight 5 Developer Runtime。
英文描述:
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Microsoft Corporation | Uniscribe | Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows. | - | - |
cpe:2.3:a:microsoft_corporation:uniscribe:windows_server_2008_sp2_and_r2_sp1,_windows_7_sp1,_windows_8.1,_windows_server_2012_gold_and_r2,_windows_rt_8.1,_windows_10_gold,_1511,_1607,_windows_server_2016,_microsoft_office_2007_sp3,_microsoft_office_2010_sp2,_microsoft_office_word_viewer,_microsoft_lync_2013_sp1,_skype_for_business_2016,_microsoft_silverlight_5_developer_runtime_when_installed_on_microsoft_windows,_and_microsoft_silverlight_5_when_installed_on_microsoft_windows.:*:*:*:*:*:*:*
|
| microsoft | lync | 2013 | - | - |
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
|
| microsoft | office | 2007 | - | - |
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
|
| microsoft | office | 2010 | - | - |
cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
|
| microsoft | office_word_viewer | - | - | - |
cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
|
| microsoft | silverlight | 5.0 | - | - |
cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:windows:*:*
|
| microsoft | skype_for_business | 2016 | - | - |
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
|
| microsoft | windows_10 | * | - | - |
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1511 | - | - |
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1607 | - | - |
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
|
| microsoft | windows_10 | 1703 | - | - |
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
|
| microsoft | windows_7 | - | - | - |
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
|
| microsoft | windows_8.1 | * | - | - |
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
|
| microsoft | windows_8.1 | rt | - | - |
cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
|
| microsoft | windows_server_2008 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
|
| microsoft | windows_server_2012 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
|
| microsoft | windows_server_2012 | r2 | - | - |
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
|
| microsoft | windows_server_2016 | - | - | - |
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-0283 |
2025-11-11 15:19:14 | 2025-11-11 07:34:28 |
| NVD | nvd_CVE-2017-0283 |
2025-11-11 14:55:29 | 2025-11-11 07:43:08 |
| CNNVD | cnnvd_CNNVD-201706-492 |
2025-11-11 15:09:50 | 2025-11-11 07:53:07 |
| EXPLOITDB | exploitdb_EDB-42234 |
2025-11-11 15:05:50 | 2025-11-11 08:43:58 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 6 -> 9
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 权限许可和访问控制问题
- cnnvd_id: 未提取 -> CNNVD-201706-492
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 8.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 19
- data_sources: ['cve'] -> ['cve', 'nvd']