CVSS: 7.6EPSS: 24%CPEs: 5EXPL: 0CVE-2017-0131
https://notcve.org/view.php?id=CVE-2017-0131
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • http://www.securityfocus.com/bid/96671 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0131 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 24%CPEs: 4EXPL: 0CVE-2017-0071 – Microsoft Edge Charkra Incorrect Jit Optimization
https://notcve.org/view.php?id=CVE-2017-0071
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • http://www.securityfocus.com/bid/96681 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0071 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 92%CPEs: 5EXPL: 1CVE-2017-0070 – Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free
https://notcve.org/view.php?id=CVE-2017-0070
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • https://www.exploit-db.com/exploits/41623 http://www.securityfocus.com/bid/96690 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070 • CWE-416: Use After Free •
CVSS: 4.2EPSS: 1%CPEs: 1EXPL: 0CVE-2017-0140 – Microsoft Edge Fetch API Arbitrary Header Setting
https://notcve.org/view.php?id=CVE-2017-0140
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135. Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy para elementos HTML en otros navegadores de windows, vulnerabilidad también conocida como "Microsoft Edge Security Feature Bypass Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0066 y CVE-2017-0135. It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. • http://www.securityfocus.com/bid/96653 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0140 •
CVSS: 8.1EPSS: 96%CPEs: 2EXPL: 5CVE-2017-0037 – Microsoft Edge and Internet Explorer Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-0037
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. Microsoft Internet Explorer 10 y 11 y Microsoft Edge tienen un problema de tipo de confusión en la función Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement en mshtml.dll, que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una secuencia de token Cascading Style Sheets (CSS) manipulada y código JavaScript manipulado que opera en un elemento TH. Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. • https://www.exploit-db.com/exploits/41454 https://www.exploit-db.com/exploits/43125 https://www.exploit-db.com/exploits/42354 https://github.com/chattopadhyaykittu/CVE-2017-0037 http://www.securityfocus.com/bid/96088 http://www.securitytracker.com/id/1037905 http://www.securitytracker.com/id/1037906 https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 https://portal.msrc.microsoft.com/en-US&# • CWE-704: Incorrect Type Conversion or Cast •