Vulnerability Protection

Vulnerabilities in Windows Uniscribe Could Allow Remote Code Execution


Report ID:


Date Published:

15 March 2017

Date Revised:



Compromise Type:

Remote code execution, information disclosure

Compromise From:


Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016


Multiple vulnerabilities were discovered in Windows Uniscribe; if successfully exploited, they could lead to remote code execution and information disclosure. 

Detailed Description

Microsoft has released a security update following the discovery of multiple vulnerabilities in Windows Uniscribe. Eight of those were remote code execution vulnerabilities caused by improper handling of objects in memory while twenty one of those were information disclosure vulnerabilities caused by improper disclosure of contents in memory. All of these issues have been fixed through the latest update by making corrective modifications on applicable components. 

CVE Reference

CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128


Install the latest security patch for applicable system, available for download from


Microsoft Security Bulletin MS17-011