High severity8.8NVD Advisory· Published Jun 15, 2017· Updated May 13, 2026

CVE-2017-0283

Description

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.

Affected products

Microsoft/Lync
cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*
Microsoft/Office2 versions
cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*
Microsoft/Office Word Viewer
cpe:2.3:a:microsoft:office_word_viewer:-:*:*:*:*:*:*:*
Microsoft/Silverlight
cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:windows:*:*
Microsoft/Skype For Business
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
Microsoft/Windows 104 versions
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft/Windows 8.12 versions
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*
Microsoft/Windows Server 20082 versions
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft/Windows Server 20122 versions
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Microsoft/Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Microsoft Corporation/Uniscribev5
Range: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283nvdMitigationPatchVendor Advisory
www.securityfocus.com/bid/98920nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038675nvd
0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.htmlnvd
bugs.chromium.org/p/project-zero/issues/detailnvd
www.exploit-db.com/exploits/42234/nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.045
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000