CVSS: 7.6EPSS: 5%CPEs: 16EXPL: 0CVE-2017-8653 – Microsoft Internet Explorer SVG Layout Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8653
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8669. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a que los navegadores Microsoft acceden de forma incorrecta a los objetos en la memoria. Esto también se conoce como "Microsoft Browser Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8669. • http://www.securityfocus.com/bid/100059 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8624 – Microsoft Windows CLFS Driver Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8624
CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". El controlado Common Log File System (CLFS) en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de elevación de privilegios debido a la forma en la que gestiona objetos en la memoria. Esto también se conoce como "Windows CLFS Elevation of Privilege Vulnerability". This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log File System (CLFS) driver. • http://www.securityfocus.com/bid/100061 http://www.securitytracker.com/id/1039106 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624 •
CVSS: 8.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8633 – Microsoft Windows Error Reporting Manager Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8633
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". Windows Error Reporting (WER) en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de elevación de privilegios. Esto también se conoce como "Windows Error Reporting Elevation of Privilege Vulnerability". This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute medium-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Error Reporting Manager (wermgr). • http://www.securityfocus.com/bid/100069 http://www.securitytracker.com/id/1039102 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8633 • CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 95%CPEs: 16EXPL: 1CVE-2017-8641 – Microsoft Chakra eval Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8641
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Los navegadores Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript de los navegadores Microsoft renderizan cuando gestiona objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42465 http://www.securityfocus.com/bid/100057 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8641 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 15%CPEs: 12EXPL: 0CVE-2017-0250 – Microsoft Windows Jet Engine Library Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0250
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". Microsoft JET Database Engine en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que se produzca una vulnerabilidad de ejecución remota de código debido a un desbordamiento de búfer. Esto también se conoce como "Microsoft JET Database Engine Remote Code Execution Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Microsoft Jet Engine Library. • http://www.securityfocus.com/bid/98100 http://www.securitytracker.com/id/1039090 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0250 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •