CVSS: 7.6EPSS: 90%CPEs: 15EXPL: 1CVE-2017-11793 – Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-11793
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a cómo gestiona el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. • https://www.exploit-db.com/exploits/43368 http://www.securityfocus.com/bid/101141 http://www.securitytracker.com/id/1039532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 90%CPEs: 15EXPL: 1CVE-2017-11810 – Microsoft Internet Explorer 11 - 'jscript!JsErrorToString' Use-After-Free
https://notcve.org/view.php?id=CVE-2017-11810
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a cómo gestiona el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. Microsoft Internet Explorer 11 suffers from a use-after-free vulnerability in jscript! • https://www.exploit-db.com/exploits/43131 http://www.securityfocus.com/bid/101081 http://www.securitytracker.com/id/1039532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11810 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-11790 – Microsoft Office Excel xls File Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11790
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante obtenga información para comprometer aun más el sistema del usuario debido a cómo gestiona Internet Explorer los objetos en la memoria, lo que también se conoce como "Internet Explorer Information Disclosure Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Excel workbook files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • http://www.securityfocus.com/bid/101077 http://www.securitytracker.com/id/1039532 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11790 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-8733
https://notcve.org/view.php?id=CVE-2017-8733
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite a un atacante engañar a un usuario para que crea que visitaba una página web legítima por la manera en la que Internet Explorer maneja los contenidos HTML. Esto también se conoce como "Internet Explorer Spoofing Vulnerability". • http://www.securityfocus.com/bid/100737 http://www.securitytracker.com/id/1039328 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733 •
CVSS: 7.6EPSS: 1%CPEs: 4EXPL: 0CVE-2017-8651
https://notcve.org/view.php?id=CVE-2017-8651
Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". Internet Explorer en Microsoft Windows Server 2008 SP2 y Windows Server 2012 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a que Intermet Explorer accede de forma incorrecta a los objetos en la memoria. Esto también se conoce como "Internet Explorer Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/100058 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8651 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •