The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Microsoft Lync 2013 Sp1 (not an official CPE)
Microsoft Office 2010 Sp2 (not an official CPE)
Microsoft Office 2007 Service Pack 3
Microsoft Lync 2010 (not an official CPE)
Microsoft Silverlight 5.0 (not an official CPE)
Microsoft Skype for business 2016 (not an official CPE)
Microsoft Word viewer - (not an official CPE)
Microsoft Live meeting 2007 (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidanc... | |||
| 1038002 | |||
| 96722 | |||
| 41647 |
Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)
Related CAPEC 11
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Overflow Buffers (CAPEC-ID 100)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
MIME Conversion (CAPEC-ID 42)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Buffer Overflow in an API Call (CAPEC-ID 8)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)