CVSS: 3.1EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11791
https://notcve.org/view.php?id=CVE-2017-11791
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. ChakraCore e Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga información para después comprometer el sistema del usuario Esto se debe a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2017-11834. • http://www.securityfocus.com/bid/101715 http://www.securitytracker.com/id/1039796 http://www.securitytracker.com/id/1039797 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2017-11847 – Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-11847
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". El kernel de Windows en Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y RT1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016, y Windows Server en su versión 1709 permite que un atacante ejecute código arbitrario en modo kernel; instale programas; visualice, cambie o elimine datos; y cree nuevas cuentas con todos los derechos de usuario debido a que se gestionan de manera incorrecta los objetos en la memoria. Esta vulnerabilidad también se conoce como "Windows Kernel Elevation of Privilege Vulnerability". This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of menus in the win32k driver. • http://www.securityfocus.com/bid/101729 http://www.securitytracker.com/id/1039782 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847 •
CVSS: 7.6EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11837 – Microsoft Windows JavaScript Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11837
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. ChakraCore e Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873. • http://www.securityfocus.com/bid/101722 http://www.securitytracker.com/id/1039780 http://www.securitytracker.com/id/1039781 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0CVE-2017-11880
https://notcve.org/view.php?id=CVE-2017-11880
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. El kernel de Windows en Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016 permite que un atacante ejecute una aplicación especialmente manipulada y obtenga información para comprometer aún más el sistema del usuario, debido a la forma en la que el kernel de Windows inicializa incorrectamente los objetos en la memoria. Esto también se conoce como "Windows Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2017-11831. • http://www.securityfocus.com/bid/101755 http://www.securitytracker.com/id/1039782 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11827
https://notcve.org/view.php?id=CVE-2017-11827
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2; y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual. Esto se debe a la manera en la que los navegadores de Microsoft gestionan los objetos en la memoria. Esta vulnerabilidad también se conoce como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/101703 http://www.securitytracker.com/id/1039780 http://www.securitytracker.com/id/1039781 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •