CVSS: 9.3EPSS: 34%CPEs: 12EXPL: 0CVE-2018-8432
https://notcve.org/view.php?id=CVE-2018-8432
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10, Windows Server 2008. Existe una vulnerabilidad de ejecución remota de código debido a la forma en la que Microsoft Graphics Components gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Graphics Components Remote Code Execution Vulnerability". Esto afecta a Windows 7, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Windows Server 2019, Windows Server 2008 R2, Windows 10 y Windows Server 2008. • http://www.securityfocus.com/bid/105458 http://www.securitytracker.com/id/1041823 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8432 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-8419
https://notcve.org/view.php?id=CVE-2018-8419
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. Existe una vulnerabilidad de divulgación de información cuando el kernel de Windows no inicializa correctamente una dirección de memoria. Esto también se conoce como "Windows Kernel Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/105238 http://www.securitytracker.com/id/1041635 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8419 • CWE-665: Improper Initialization •
CVSS: 9.3EPSS: 12%CPEs: 16EXPL: 1CVE-2018-8420 – Microsoft Windows VBScript Class_Terminate MSXML6 Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8420
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de ejecución remota de código cuando el analizador Microsoft XML Core Services MSXML procesa las entradas de usuario. Esto también se conoce como "MS XML Remote Code Execution Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • https://github.com/idkwim/CVE-2018-8420 http://www.securityfocus.com/bid/105259 http://www.securitytracker.com/id/1041627 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8420 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 2CVE-2018-8410 – Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
https://notcve.org/view.php?id=CVE-2018-8410
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de elevación de privilegios cuando la API del kernel de Windows no gestiona adecuadamente los objetos en la memoria. Esto también se conoce como "Windows Registry Elevation of Privilege Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • https://www.exploit-db.com/exploits/45436 https://github.com/trapmine/CVE-2018-8410 http://www.securityfocus.com/bid/105256 http://www.securitytracker.com/id/1041635 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8410 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.3EPSS: 19%CPEs: 18EXPL: 0CVE-2018-8332
https://notcve.org/view.php?id=CVE-2018-8332
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de ejecución remota de código cuando la biblioteca de fuentes de Windows gestiona fuentes embebidas especialmente manipuladas. Esto también se conoce como "Win32k Graphics Remote Code Execution Vulnerability". Esto afecta a Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105248 http://www.securitytracker.com/id/1041628 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8332 •