CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2017-0158 – Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-0158
An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." Existe una vulnerabilidad de elevación de privilegios cuando Microsoft Windows, que se ejecuta en Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1 y Windows Server 2012 R2, no desinfecta adecuadamente los identificadores de memoria, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Microsoft ADO (ActiveX Data Objects) methods that accept an array as a parameter. By performing actions in script, an attacker can cause a pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/97455 http://www.securitytracker.com/id/1038238 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0158 •
CVSS: 7.6EPSS: 2%CPEs: 11EXPL: 0CVE-2017-0075
https://notcve.org/view.php?id=CVE-2017-0075
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109. Hyper-V en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permiten a usuarios del SO invitado ejecutar código arbitrario en el SO anfitrión a través de una aplicación manipulada, vulnerabilidad también conocida como "Hyper-V Remote Code Execution Vulnerability". Esta vulnerabilidad es diferente de la descrita en CVE-2017-0109. • http://www.securityfocus.com/bid/96698 http://www.securitytracker.com/id/1037999 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075 •
CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 1CVE-2017-0118 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0118
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96680 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-0127 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0127
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96674 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0127 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-0050
https://notcve.org/view.php?id=CVE-2017-0050
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." La API del kernel en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511 y 1607; Windows RT 8.1; Windows Server 2012 Gold y R2 y Windows Server 2016 no aplica correctamente permisos, lo que permite a usuarios locales suplantar procesos, suplantar comunicación entre procesos o provocar una denegación de servicio a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Kernel Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/96025 http://www.securitytracker.com/id/1038013 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050 •