CVSS: 7.6EPSS: 7%CPEs: 10EXPL: 0CVE-2017-8669
https://notcve.org/view.php?id=CVE-2017-8669
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a que los navegadores de Microsoft gestionan de forma incorrecta los objetos en la memoria mientras renderizan el contenido. Esto también se conoce como "Microsoft Browser Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8653. • http://www.securityfocus.com/bid/100068 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8669 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 9EXPL: 0CVE-2017-8591
https://notcve.org/view.php?id=CVE-2017-8591
Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability". Windows Input Method Editor (IME) en Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de ejecución remota de código cuando gestiona de manera incorrecta objetos en la memoria. Esto también se conoce como "Windows IME Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/99430 http://www.securitytracker.com/id/1039097 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8591 •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8593
https://notcve.org/view.php?id=CVE-2017-8593
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". Microsoft Win32k en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de elevación de privilegios cuando gestiona incorrectamente objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/100032 http://www.securitytracker.com/id/1039105 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8593 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.3EPSS: 66%CPEs: 13EXPL: 0CVE-2017-8620
https://notcve.org/view.php?id=CVE-2017-8620
Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". Windows Search en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de ejecución remota de código cuando gestiona incorrectamente objetos en la memoria. Esto también se conoce como "Windows Search Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/100034 http://www.securitytracker.com/id/1039091 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8620 https://threatpost.com/windows-search-bug-worth-watching-and-squashing/127434 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8666
https://notcve.org/view.php?id=CVE-2017-8666
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". Microsoft Win32k en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de revelación de información cuando gestiona incorrectamente objetos en la memoria. Esto también se conoce como "Win32k Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/100089 http://www.securitytracker.com/id/1039105 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •