This issue was reported to Microsoft by Dawid Golunski on November 21, 2017. The vulnerability is due to a lack of input validation on user-supplied data during the parsing of font files in Microsoft products. These products include Microsoft Office software, Internet Explorer, Windows PDF viewer, Windows Media Player, Windows Photo Viewer, and Windows Preview. Successful exploitation of this vulnerability could result in remote code execution in the context of the currently logged-in user. Depending on the severity settings of the target user, successful exploitation could result in remote code installation in the context of the currently logged-in user. Microsoft has received information regarding this vulnerability from the community. We have investigated the reported vulnerability and determined that it is critical due to the type of impact. Microsoft’s security update for this issue was released on November 21, 2017.

Summary Information

CVE ID: CVE-2017-8758
FIRST AFFECTED PRODUCT(S) AND VERSION(S): Microsoft Office and Microsoft SharePoint Software when installed on Windows operating systems.

Microsoft Office Software

Microsoft Office software is used by millions of people in a wide range of fields, from science and medicine to law, finance, and education. Additionally, it has become a go-to resource for many individuals who are looking for high-quality tools that work well with their productivity needs.
The vulnerability was found in the parsing of font files in the Microsoft products mentioned above. An attacker could potentially exploit these fonts by entering malicious code into documents or other formats that contain them, such as PDFs and eBooks.
The vulnerability is rated critical because of the impact it could have on user data and because exploiting it on a victim machine could result in remote code execution.

IMPACT OF VULNERABILITY

The vulnerability could allow remote code execution in the context of the logged-in user if exploited successfully. This issue has a critical impact because the vulnerability can be exploited to allow an attacker to remotely execute code in the context of the currently logged-in user.

Timeline

Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 18:15:00 UTC

References