First published: Fri Mar 17 2017(Updated: )
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Windows 10 | ||
Windows 10 | =1511 | |
Windows 10 | =1607 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows | ||
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Vista | =sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-0118 is considered to have a moderate severity level due to the potential for information disclosure.
To fix CVE-2017-0118, ensure that you apply the latest security updates provided by Microsoft for your affected Windows version.
CVE-2017-0118 affects multiple Windows versions including Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows 10 (various editions), and Windows Server 2008, 2012, and 2016.
CVE-2017-0118 is classified as an information disclosure vulnerability due to improper handling of process memory.
Yes, CVE-2017-0118 can be exploited by remote attackers to obtain sensitive information from a user’s process memory.