Think you have a false positive on this rule?

Sid 1-44335

Message

OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt

Summary

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.

Impact

CVSS base score 8.8 CVSS impact score 5.9 CVSS exploitability score 2.8 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH

Detailed information

Affected systems

  • microsoft office_2007 -
  • microsoft office_2010 *
  • microsoft officewordviewer -
  • microsoft windows_10 -
  • microsoft windows_10 1511
  • microsoft windows_10 1607
  • microsoft windows_10 1703
  • microsoft windows_7 -
  • microsoft windows_8.1 *
  • microsoft windowsrt8.1 -
  • microsoft windowsserver2008 -
  • microsoft windowsserver2008 r2
  • microsoft windowsserver2012 -
  • microsoft windowsserver2012 r2
  • microsoft windowsserver2016 *

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References