CVE-2017-8475 – Microsoft Windows Kernel win32k!ClientPrinterThunk Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8475
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016 permiten que un atacante autenticado ejecute una aplicación especialmente creada cuando el kernel de Windows se inicializa inapropiadamente objetos en la memoria, también se conoce como "Win32k Information Disclosure Vulnerability". Este ID de CVE es diferente de los CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477 y CVE-2017-8484. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k! • http://www.securityfocus.com/bid/98853 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8475 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-8477 – Microsoft Windows - 'win32k!NtGdiMakeFontDir' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8477
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten a un atacante autenticado ejecutar un especialmente creado aplicación cuando el kernel de Windows inicializa inapropiadamente los objetos en la memoria, también se conoce como "Win32k Information Disclosure Vulnerability". Este ID de CVE es diferente de los CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475 y CVE-2017-8484. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k! • https://www.exploit-db.com/exploits/42230 http://www.securityfocus.com/bid/98854 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-8482 – Microsoft Windows - 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling
https://notcve.org/view.php?id=CVE-2017-8482
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE -2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in exception handling (nt!KiDispatchException). • https://www.exploit-db.com/exploits/42220 http://www.securityfocus.com/bid/98858 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8482 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-8522
https://notcve.org/view.php?id=CVE-2017-8522
Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524. Los navegadores de Microsoft Windows versión 8.1 y Windows RT versión 8.1, Windows Server 2012 y R2, Windows 10 versiones Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual cuando los motores de JavaScript no se procesan cuando manejan objetos en la memoria en los navegadores de Microsoft, también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID de CVE es diferente de los CVE-2017-8517 y CVE-2017-8524. • http://www.securityfocus.com/bid/98926 http://www.securitytracker.com/id/1038673 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-8529
https://notcve.org/view.php?id=CVE-2017-8529
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows versión 8.1 y Windows RT versión 8.1, y Windows Server 2012 y R2, permiten a un atacante detectar archivos específicos en el equipo del usuario cuando los motores de scripting de Microsoft afectados no manejan apropiadamente los objetos en la memoria, también se conoce como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/98953 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •