CVSS: 7.3EPSS: 2%CPEs: 12EXPL: 8CVE-2017-0213 – Microsoft Windows Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. Windows COM Aggregate Marshaler en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016, permite una elevación de privilegios cuando un atacante ejecuta una aplicación especialmente modificada, también conocida como "Windows COM Elevation of Privilege Vulnerability". Este CVE ID es único para CVE-2017-0214. Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability. • https://www.exploit-db.com/exploits/42020 https://github.com/zcgonvh/CVE-2017-0213 https://github.com/eonrickity/CVE-2017-0213 https://github.com/shaheemirza/CVE-2017-0213- https://github.com/jbooz1/CVE-2017-0213 https://github.com/billa3283/CVE-2017-0213 https://github.com/Anonymous-Family/CVE-2017-0213 https://github.com/Jos675/CVE-2017-0213-Exploit http://www.securityfocus.com/bid/98102 http://www.securitytracker.com/id/1038457 https://portal.msrc.microsoft.com&# •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-0077
https://notcve.org/view.php?id=CVE-2017-0077
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability." Los controladores del modo kernel en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windows Server 2016, permiten a un atacante local autenticado ejecutar una aplicación especialmente diseñada para obtener información, o en Windows 7 y posterior, causar denegación de servicio, también conocida como "Win32k Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/98114 http://www.securitytracker.com/id/1038454 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0077 •
CVSS: 8.8EPSS: 58%CPEs: 14EXPL: 0CVE-2017-0222 – Microsoft Internet Explorer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0222
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226. Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer accede incorrectamente a objetos en memoria, también conocido como "Internet Explorer Memory Corruption Vulnerability". Este CVE ID es exclusivo para CVE-2017-0226. A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. • http://www.securityfocus.com/bid/98127 http://www.securitytracker.com/id/1038423 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2017-0246
https://notcve.org/view.php?id=CVE-2017-0246
The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." El componente gráfico de los controladores del modo kernel en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016, permite a los usuarios locales obtener privilegios a través de una aplicación manipulada, o en Windows 7 para sistemas basados ??en x64 y posteriores, causar denegación de servicio, también conocida como "Win32k Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/98108 http://www.securitytracker.com/id/1038449 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0246 •
CVSS: 7.0EPSS: 15%CPEs: 12EXPL: 0CVE-2017-0277
https://notcve.org/view.php?id=CVE-2017-0277
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279. El servidor Microsoft Server Message Block 1.0 (SMBv1) en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607 y 1703 y Windows Server 2016 permite a un atacante ejecutar código remoto por la forma en que se manejan ciertas solicitudes, también conocida como "Vulnerabilidad de ejecución remota de código de Windows SMB". Este CVE ID es exclusivo de CVE-2017-0272, CVE-2017-0278 y CVE-2017-0279. • http://www.securityfocus.com/bid/98270 http://www.securitytracker.com/id/1038430 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0277 •