CVSS: 7.6EPSS: 90%CPEs: 2EXPL: 1CVE-2017-8729 – Microsoft Edge - Chakra Incorrectly Parses Object Patterns
https://notcve.org/view.php?id=CVE-2017-8729
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. Múltiples vulnerabilidades Cross-Site Scripting (XSS) en el plugin Activity Log en versiones anteriores a la 2.4.1 para WordPress permiten que los atacantes remotos inyecten código HTML o JavaScript arbitrario mediante un título que no está escapado. Microsoft Edge Charka incorrectly parses object patterns. • https://www.exploit-db.com/exploits/42763 http://www.securityfocus.com/bid/100733 http://www.securitytracker.com/id/1039342 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8739
https://notcve.org/view.php?id=CVE-2017-8739
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". Microsoft Edge en Microsoft Windows 10 1703 permite a un atacante obtener información para comprometer el sistema del usuario por la manera en la que el motor de scripting de Microsoft Edge maneja los objetos en la memoria. Esto también se conoce como "Scripting Engine Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/100761 http://www.securitytracker.com/id/1039342 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8739 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 90%CPEs: 3EXPL: 1CVE-2017-8731 – Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading
https://notcve.org/view.php?id=CVE-2017-8731
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. Microsoft Edge en Microsoft Windows 10 1607 y Windows Server 2016 permite a un atacante ejecutar código arbitrario en el contexto del usuario actual por la manera en la que Microsoft Edge accede a los objetos en la memoria. Esto también se conoce como "Microsoft Edge Memory Corruption Vulnerability". El ID de este CVE es distinto a CVE-2017-8734, CVE-2017-8751 y CVE-2017-11766. • https://www.exploit-db.com/exploits/42758 http://www.securityfocus.com/bid/100735 http://www.securitytracker.com/id/1039326 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 16%CPEs: 12EXPL: 0CVE-2017-8728 – Microsoft Windows PDF Library JPEG2000 Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8728
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. La biblioteca de PDF de Microsoft Windows en Microsoft Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite a un atacante ejecutar código remotamente en el contexto del usuario actual por la manera en la que la biblioteca de PDF de Windows maneja los objetos en la memoria. Esto también se conoce como "Windows PDF Remote Code Execution Vulnerability". El ID de este CVE es distinto a CVE-2017-8737. • http://www.securityfocus.com/bid/100739 http://www.securitytracker.com/id/1039327 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 16%CPEs: 10EXPL: 0CVE-2017-8737 – Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8737
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. La biblioteca de PDF de Microsoft Windows en Microsoft Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite a un atacante ejecutar código remotamente en el contexto del usuario actual por la manera en la que la biblioteca de PDF de Windows maneja los objetos en la memoria. Esto también se conoce como "Windows PDF Remote Code Execution Vulnerability". El ID de este CVE es distinto a CVE-2017-8728. • http://www.securityfocus.com/bid/100749 http://www.securitytracker.com/id/1039327 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •