The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/96722 | vdb entry third party advisory |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108 | patch vendor advisory |
| http://www.securitytracker.com/id/1038002 | vdb entry |
| https://www.exploit-db.com/exploits/41647/ | exploit |