CVE-2017-0108

CVE Database · CVE-2017-0108

CVE-2017-0108

· N/AModified

CVSS v3.1

N/A

EPSS

50.47%

Published

Mar 16, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.

Weaknesses (CWE)

CWE-119

Affected Products (12)

microsoft · live_meetingvulnerable

microsoft · lyncvulnerable

microsoft · officevulnerable

microsoft · silverlightvulnerable

microsoft · skype_for_businessvulnerable

microsoft · word_viewervulnerable

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

References (8)