![]() ![]() To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. By itself, the information disclosure does not allow arbitrary code execution however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. ![]() (CVE-2017-8695) - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. ![]() MICROSOFT LYNC WEB APP PLUGIN UPDATEThe update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. Description The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is missing security updates. Synopsis The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is affected by multiple vulnerabilities. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |