CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8577 – Microsoft Windows GDI Region Object Uninitialized Memory Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8577
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. Win32k en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite una vulnerabilidad de elevación de privilegios cuando gestiona incorrectamente objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2017-8578, CVE-2017-8580, CVE-2017-8581 y CVE-2017-8467. • http://www.securityfocus.com/bid/99416 http://www.securitytracker.com/id/1038853 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8577 • CWE-281: Improper Preservation of Permissions •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8486 – Microsoft Windows win32kfull CopyOutputString Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8486
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 versiones Gold, 1511, 1607, 1703 y Windows Server 2016, permiten la divulgación de información debido a la manera en que se manejan los objetos en la memoria, también se conoce como "Win32k Information Disclosure Vulnerability". This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull!CopyOutputString function. • http://www.securityfocus.com/bid/99414 http://www.securitytracker.com/id/1038853 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8486 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8578 – Microsoft Windows PlgBlt Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-8578
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. Win32k en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite una vulnerabilidad de elevación de privilegios cuando gestiona incorrectamente objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2017-8577, CVE-2017-8580, CVE-2017-8581 y CVE-2017-8467. • http://www.securityfocus.com/bid/99419 http://www.securitytracker.com/id/1038853 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8578 • CWE-281: Improper Preservation of Permissions •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8554
https://notcve.org/view.php?id=CVE-2017-8554
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. El kernel en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016 permite que un atacante autenticado obtenga contenido de la memoria mediante una aplicación especialmente manipulada. • http://www.securityfocus.com/bid/98942 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8554 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8479 – Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 28)' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8479
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE -2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationJobObject (information class 28). • https://www.exploit-db.com/exploits/42232 http://www.securityfocus.com/bid/98856 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •