CVSS: 7.6EPSS: 1%CPEs: 10EXPL: 0CVE-2017-8519
https://notcve.org/view.php?id=CVE-2017-8519
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 y R2 SP1, Windows versión 8.1 y Windows RT versión 8.1, y Windows Server 2012 y R2, permiten a un atacante ejecutar código arbitrario en el contexto del usuario actual cuando Internet Explorer accede inapropiadamente objetos en la memoria, también se conoce como "Internet Explorer Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-8547. • http://www.securityfocus.com/bid/98899 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8519 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8481 – Microsoft Windows - 'nt!NtQueryInformationResourceManager (information class 0)' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8481
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versión 8.1, Windows Server 2012 Gold y R2, Windows RT versión 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite a un atacante autenticado conseguir información por medio de una aplicación creada se conoce también como "Windows Kernel Information Disclosure Vulnerability", Este ID de CVE es una vulnerabilidad diferente a las CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, y CVE-2017-0297. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationResourceManager (information class 0). • https://www.exploit-db.com/exploits/42242 http://www.securityfocus.com/bid/98862 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8481 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 14%CPEs: 9EXPL: 0CVE-2017-8528
https://notcve.org/view.php?id=CVE-2017-8528
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283. Uniscribe en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versión 8.1, Windows Server 2012 versión Gold y R2, Windows RT versión 8.1, Windows versiones 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3 y Microsoft Office 2010 SP2, permite una vulnerabilidad de ejecución de código remota debido a la manera en que maneja los objetos en la memoria, también se conoce como "Windows Uniscribe Remote Code Execution Vulnerability". El ID de este CVE es diferente de CVE-2017-0283. • http://www.securityfocus.com/bid/98949 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 9EXPL: 0CVE-2017-0291 – Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0291
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292. Windows PDF en Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten la ejecución remota de código si un usuario abre un archivo PDF especialmente diseñado, también conocido como "Windows PDF Remote Vulnerabilidad de ejecución de código ". Este CVE ID es exclusivo de CVE-2017-0292. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. • http://www.securityfocus.com/bid/98835 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0291 •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8476 – Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessVmCounters)' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8476
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511,1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE -2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in nt!NtQueryInformationProcess (ProcessVmCounters). • https://www.exploit-db.com/exploits/42229 http://www.securityfocus.com/bid/98903 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8476 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •