CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11932
https://notcve.org/view.php?id=CVE-2017-11932
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". Microsoft Exchange Server 2016 CU5 y Microsoft Exchange Server 2016 CU5 permiten una vulnerabilidad de suplantación por la manera en la que Outlook Web Access (OWA) valida las peticiones web. Esta vulnerabilidad también se conoce como "Microsoft Exchange Spoofing Vulnerability". • http://www.securityfocus.com/bid/102060 http://www.securitytracker.com/id/1039996 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 16%CPEs: 15EXPL: 0CVE-2017-11940
https://notcve.org/view.php?id=CVE-2017-11940
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. Microsoft Malware Protection Engine, tal y como se ejecuta en Microsoft Forefront y Microsoft Defender en Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703, 1709 y Windows Server 2016; Windows Server versión 1709 y Microsoft Exchange Server 2013 y 2016, no escanea correctamente un archivo especialmente manipulado. Esto conduce a la ejecución remota de código. Esto también se conoce como "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/102104 http://www.securitytracker.com/id/1039972 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 16%CPEs: 15EXPL: 0CVE-2017-11937
https://notcve.org/view.php?id=CVE-2017-11937
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". Microsoft Malware Protection Engine que se ejecute en Microsoft Forefront y Microsoft Defender en Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703, 1709 y Windows Server 2016; Windows Server versión 1709 y Microsoft Exchange Server 2013 y 2016, no escanea correctamente un archivo especialmente manipulado, lo que conduce a la ejecución remota de código. Esto también se conoce como "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/102070 http://www.securitytracker.com/id/1039972 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-11761
https://notcve.org/view.php?id=CVE-2017-11761
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" Microsoft Exchange Server 2013 y Microsoft Exchange Server 2016 permiten que se origine un problema de sanitización de entradas con Microsoft Exchange, lo que podría desembocar en una divulgación de información accidental. Esto también se conoce como "Microsoft Exchange Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/100731 http://www.securitytracker.com/id/1039320 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8758
https://notcve.org/view.php?id=CVE-2017-8758
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." Microsoft Exchange Server 2016 permite que ocurra una vulnerabilidad de elevación de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) no maneja las peticiones web correctamente. Esto también se conoce como "Microsoft Exchange Cross-Site Scripting Vulnerability." • http://www.securityfocus.com/bid/100723 http://www.securitytracker.com/id/1039320 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •