CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 1CVE-2017-8473 – Microsoft Windows - 'win32k!NtGdiGetRealizationInfo' Kernel Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8473
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y Windows Server 2016 permiten a un atacante autenticado ejecutar una aplicación especialmente creada cuando el kernel de Windows inicializa inapropiadamente los objetos en la memoria , también se conoce como "Win32k Information Disclosure Vulnerability". Este ID de CVE es diferente de los CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477 y CVE-2017-8484. The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32k! • https://www.exploit-db.com/exploits/42226 http://www.securityfocus.com/bid/98852 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8473 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 1CVE-2017-8489 – Microsoft Windows - '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-8489
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. El kernel de Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite que un atacante autenticado obtenga información por medio de una aplicación especialmente creada. También se conoce como "Windows Kernel Information Disclosure Vulnerability," una vulnerabilidad diferente de los CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE -2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017 -0300, CVE-2017-0299 y CVE-2017-0297. Microsoft Windows Kernel has an issue where the handler of the 0x224000 IOCTL (corresponding to the WmiQueryAllData functionality) implemented by the \\.\WMIDataDevice device in ntoskrnl.exe (as dispatched by the nt! • https://www.exploit-db.com/exploits/42213 http://www.securityfocus.com/bid/98865 http://www.securitytracker.com/id/1038659 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8489 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2017-8460 – Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-8460
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". Windows PDF en Windows versión 8.1, Windows Server 2012 Gold y R2, Windows RT versión 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permite la divulgación de información cuando un usuario abre un archivo PDF especialmente creado, se conoce también como "Windows PDF Information Disclosure Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • http://www.securityfocus.com/bid/98887 http://www.securitytracker.com/id/1038678 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 16%CPEs: 12EXPL: 0CVE-2017-0292 – Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0292
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291. Windows PDF en Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016 permiten la ejecución remota de código si un usuario abre un archivo PDF especialmente diseñado, también conocido como "Windows PDF Remote Vulnerabilidad de ejecución de código ". Este CVE ID es exclusivo de CVE-2017-0291. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. • http://www.securityfocus.com/bid/98836 http://www.securitytracker.com/id/1038678 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292 •
CVSS: 7.6EPSS: 1%CPEs: 13EXPL: 0CVE-2017-8547 – Microsoft Internet Explorer InsertRow Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8547
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows versión 8.1 y Windows RT versión 8.1, y Windows Server 2012 y R2, permiten a un atacante ejecutar código arbitrario en el contexto del usuario actual cuando Internet Explorer accede inapropiadamente a objetos en memoria, también se conoce como "Internet Explorer Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-8519. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/98932 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8547 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •