CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8491 – Microsoft Windows - 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8491
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE -2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from a volmgr pool memory disclosure vulnerability in the handling of IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS. • https://www.exploit-db.com/exploits/42215 http://www.securityfocus.com/bid/98869 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8484 – Microsoft Windows - 'win32k!NtGdiGetOutlineTextMetricsInternalW' Kernel Pool Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8484
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten a un atacante autenticado ejecutar una aplicación especialmente creada cuando el kernel de Windows inicializa inapropiadamente los objetos en la memoria, también se conoce como "Win32k Information Disclosure Vulnerability". Este ID de CVE es diferente de los CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475 y CVE-2017-8477. The Microsoft Windows kernel pool suffers from a memory disclosure due to output structure alignment in win32k! • https://www.exploit-db.com/exploits/42210 http://www.securityfocus.com/bid/98847 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-8493
https://notcve.org/view.php?id=CVE-2017-8493
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". Microsoft Windows versión 8.1 y Windows RT versión 8.1, Windows Server 2012 R2, Windows 10 versiones Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten a un atacante establecer variables que son de solo lectura o requieren autenticación cuando Windows no puede exigir la confidencialidad de mayúsculas y minúsculas para ciertas comprobaciones de variables, también se conoce como "Windows Security Feature Bypass Vulnerability". • http://www.securityfocus.com/bid/98850 http://www.securitytracker.com/id/1038671 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8493 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 6.5EPSS: 1%CPEs: 14EXPL: 0CVE-2017-8533 – Microsoft Windows DirectWrite Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8533
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. Los gráficos en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten la divulgación incorrecta de los contenidos de la memoria, alias "Vulnerabilidad de divulgación de información de Uniscribe de gráficos". Esta ID de CVE es única de CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531 y CVE-2017-8532. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. • http://www.securityfocus.com/bid/98821 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533 https://www.zerodayinitiative.com/advisories/ZDI-19-581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-8544
https://notcve.org/view.php?id=CVE-2017-8544
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows versión 8.1 y Windows RT versión 8.1, Windows Server 2012 y R2, Windows 10 versiones Gold, 1511, 1607 y 1703, y Windows Server 2016, permiten a un atacante obtener información para comprometer más el sistema del usuario cuando Windows Search no maneja objetos en la memoria, también se conoce como "Windows Search Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/98826 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8544 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •