CVE-2017-0121

CVE Database · CVE-2017-0121

CVE-2017-0121

· N/AModified

CVSS v3.1

N/A

EPSS

42.12%

Published

Mar 16, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.

Weaknesses (CWE)

CWE-200

Affected Products (12)

microsoft · windows_10vulnerable

microsoft · windows_7vulnerable

microsoft · windows_8.1vulnerable

microsoft · windows_rt_8.1vulnerable

microsoft · windows_server_2008vulnerable

microsoft · windows_server_2012vulnerable

References (8)

http://www.securityfocus.com/bid/96678

Third Party AdvisoryVDB Entry