CVSS: 8.8EPSS: 26%CPEs: 12EXPL: 0CVE-2017-11762 – Microsoft Windows Font Embedding Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-11762
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763. El componente Microsoft Graphics en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703; y Windows Server 2016 permite una vulnerabilidad de ejecución remota de código en la manera en la que gestiona fuentes embebidas especialmente manipuladas. Esto también se conoce como "Microsoft Graphics Remote Code Execution Vulnerability". El ID de este CVE es diferente de CVE-2017-11763. • http://www.securityfocus.com/bid/101108 http://www.securitytracker.com/id/1039536 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11762 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8689 – Microsoft Windows Submenu Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8689
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. Microsoft Windows Kernel Mode Driver en Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703; y Windows Server 2016 permite que se produzca una vulnerabilidad de elevación de privilegios cuando gestiona incorrectamente objetos en la memoria, lo que también se conoce como "Win32k Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2017-8694. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. • http://www.securityfocus.com/bid/101128 http://www.securitytracker.com/id/1039526 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689 •
CVSS: 7.8EPSS: 79%CPEs: 12EXPL: 0CVE-2017-11781 – Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-11781
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". Microsoft Server Block Message (SMB) en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016 permite una vulnerabilidad de denegación de servicio cuando un atacante envía peticiones especialmente manipuladas al servidor, lo que también se conoce como "Windows SMB Denial of Service Vulnerability". This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration. The specific flaw exists within the srv driver. A crafted request to an SMB share can trigger a read past the end of an allocated buffer. • http://www.securityfocus.com/bid/101140 http://www.securitytracker.com/id/1039528 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11781 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 22%CPEs: 12EXPL: 0CVE-2017-8717 – Microsoft Windows XLS File Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8717
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718. Microsoft JET Database Engine en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante tome el control de un sistema afectado debido a cómo gestiona objetos en la memoria, lo que también se conoce como"Microsoft JET Database Engine Remote Code Execution Vulnerability". El ID de este CVE es diferente de CVE-2017-8718. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. • http://www.securityfocus.com/bid/101161 http://www.securitytracker.com/id/1039527 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8717 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 8EXPL: 0CVE-2017-11779 – Microsoft Windows DNSAPI NSEC3_RecordRead Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11779
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". Microsoft Windows Domain Name System (DNS) DNSAPI.dll en Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016 permite una vulnerabilidad de ejecución remota de código cuando no gestiona correctamente respuestas DNS. Esto también se conoce como "Windows DNSAPI Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DNS responses. • http://www.securityfocus.com/bid/101166 http://www.securitytracker.com/id/1039533 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779 •