CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8483 – Microsoft Windows Kernel - 'ATMFD.DLL' Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table
https://notcve.org/view.php?id=CVE-2017-8483
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE -2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from an ATMFD.DLL out-of-bounds read vulnerability via a malformed Name INDEX in the CFF table. • https://www.exploit-db.com/exploits/42243 http://www.securityfocus.com/bid/98859 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8483 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 97%CPEs: 13EXPL: 11CVE-2017-8464 – Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8464
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability." Windows Shell en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite a los usuarios locales o atacantes remotos ejecutar código arbitrario por medio de un archivo .LNK creado, que no se maneja apropiadamente durante la visualización del icono en el Explorador de Windows o en cualquier otra aplicación que analice el icono del acceso directo. también se conoce como "LNK Remote Code Execution Vulnerability." Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file • https://www.exploit-db.com/exploits/42382 https://www.exploit-db.com/exploits/42429 https://github.com/3gstudent/CVE-2017-8464-EXP https://github.com/doudouhala/CVE-2017-8464-exp-generator https://github.com/Elm0D/CVE-2017-8464 https://github.com/TrG-1999/DetectPacket-CVE-2017-8464 https://github.com/TieuLong21Prosper/Detect-CVE-2017-8464 https://github.com/xssfile/CVE-2017-8464-EXP https://github.com/tuankiethkt020/Phat-hien-CVE-2017-8464 http://www.securityfocus.com/bid& •
CVSS: 7.6EPSS: 10%CPEs: 13EXPL: 0CVE-2017-8517
https://notcve.org/view.php?id=CVE-2017-8517
Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524. Los navegadores de Microsoft en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario el contexto del usuario actual cuando los motores de JavaScript fallan en la interpretación durante el manejo de objetos en memoria en los navegadores de Microsoft, también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID de CVE es diferente de CVE-2017-8522 y CVE-2017-8524. • http://www.securityfocus.com/bid/98895 http://www.securitytracker.com/id/1038673 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8517 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8478 – Microsoft Windows - 'nt!NtQueryInformationJobObject (information class 12)' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8478
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE -2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationJobObject (information class 12). • https://www.exploit-db.com/exploits/42231 http://www.securityfocus.com/bid/98845 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8478 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 1CVE-2017-8490 – Microsoft Windows - 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8490
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE -2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. Microsoft Windows suffers from a kernel pool memory disclosure vulnerability in win32k!NtGdiEnumFonts. • https://www.exploit-db.com/exploits/42214 http://www.securityfocus.com/bid/98867 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8490 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •