CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2017-8736
https://notcve.org/view.php?id=CVE-2017-8736
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten a un atacante obtener información específica en el dominio padre por la verificación de dominios padre del navegador de Windows en ciertas funcionalidades. Esto también se conoce como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/100743 http://www.securitytracker.com/id/1039342 http://www.securitytracker.com/id/1039343 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 59%CPEs: 16EXPL: 1CVE-2017-8682 – Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Reads/Writes with Malformed 'fpgm' table 'win32k!bGeneratePath' (Denial of Service)
https://notcve.org/view.php?id=CVE-2017-8682
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. Los gráficos de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703; Windows Server 2016; Microsoft Office Word Viewer; Microsoft Office 2007 Service Pack 3; y Microsoft Office 2010 Service Pack 2 permite que un atacante ejecute código remoto debido a la forma en la que se gestionan las fuentes embebidas. Esto también se conoce como "Win32k Graphics Remote Code Execution Vulnerability". Este ID CVE es exclusivo de CVE-2017-8683. • https://www.exploit-db.com/exploits/42744 http://www.securityfocus.com/bid/100772 http://www.securitytracker.com/id/1039352 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 7%CPEs: 15EXPL: 0CVE-2017-8741
https://notcve.org/view.php?id=CVE-2017-8741
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 e Internet Explorer y Microsoft Edge en Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten a un atacante ejecutar código remotamente en el contexto del usuario actual por la manera en la que los motores JavaScript de los navegadores de Microsoft renderizan los contenidos cuando manejan los objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es distinto a CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756 y CVE-2017-11764. • http://www.securityfocus.com/bid/100764 http://www.securitytracker.com/id/1039342 http://www.securitytracker.com/id/1039343 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2017-8733
https://notcve.org/view.php?id=CVE-2017-8733
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite a un atacante engañar a un usuario para que crea que visitaba una página web legítima por la manera en la que Internet Explorer maneja los contenidos HTML. Esto también se conoce como "Internet Explorer Spoofing Vulnerability". • http://www.securityfocus.com/bid/100737 http://www.securitytracker.com/id/1039328 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733 •
CVSS: 7.6EPSS: 7%CPEs: 13EXPL: 0CVE-2017-8748
https://notcve.org/view.php?id=CVE-2017-8748
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten a un atacante ejecutar código remotamente en el contexto del usuario actual por la manera en la que los motores JavaScript de los navegadores de Microsoft renderizan los contenidos cuando manejan los objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es distinto a CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756 y CVE-2017-11764. • http://www.securityfocus.com/bid/100766 http://www.securitytracker.com/id/1039342 http://www.securitytracker.com/id/1039343 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •