CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-8668
https://notcve.org/view.php?id=CVE-2017-8668
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". El Volume Manager Extension Driver en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 permite que un atacante ejecute una aplicación especialmente manipulada y obtenga información del kernel. Esto también se conoce como "Volume Manager Extension Driver Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/100092 http://www.securitytracker.com/id/1039108 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8668 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-0174
https://notcve.org/view.php?id=CVE-2017-0174
Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability". Windows NetBIOS en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que se produzca una denegación de servicio cuando gestiona incorrectamente paquetes NetBIOS. Esto también se conoce como "Windows NetBIOS Denial of Service Vulnerability". • http://www.securityfocus.com/bid/100038 http://www.securitytracker.com/id/1039109 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0174 •
CVSS: 7.6EPSS: 88%CPEs: 21EXPL: 4CVE-2017-8636 – Microsoft Edge Chakra - 'EmitNew' Integer Overflow
https://notcve.org/view.php?id=CVE-2017-8636
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript de los navegadores Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42478 https://www.exploit-db.com/exploits/42466 https://www.exploit-db.com/exploits/42468 https://www.exploit-db.com/exploits/42467 http://www.securityfocus.com/bid/100056 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 43%CPEs: 19EXPL: 1CVE-2017-8635 – Microsoft Edge Chakra - 'TryUndeleteProperty' Incorrect Usage (Denial of Service)
https://notcve.org/view.php?id=CVE-2017-8635
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript renderizan cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42471 http://www.securityfocus.com/bid/100055 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8635 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 16%CPEs: 11EXPL: 0CVE-2017-0293 – Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0293
Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". Microsoft Windows PDF Library en Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que se produzca una vulnerabilidad de ejecución remota de código cuando gestiona de manera incorrecta objetos en la memoria. Esto también se conoce como "Windows PDF Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 images. • http://www.securityfocus.com/bid/100039 http://www.securitytracker.com/id/1039092 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0293 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •