CVSS: 7.6EPSS: 38%CPEs: 11EXPL: 0CVE-2017-0014
https://notcve.org/view.php?id=CVE-2017-0014
The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. El Windows Graphics Component en Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocido como "Windows Graphics Component Remote Code Execution Vulnerability". Esta vulnerabilidad es diferente de la descrita en CVE-2017-0108. • http://www.securityfocus.com/bid/96013 http://www.securitytracker.com/id/1038002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0014 https://secuniaresearch.flexerasoftware.com/secunia_research/2017-9 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0078
https://notcve.org/view.php?id=CVE-2017-0078
The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. Los controladores del modo kernel en Microsoft Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Win32k Elevation of Privilege Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. • http://www.securityfocus.com/bid/96631 http://www.securitytracker.com/id/1038017 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078 •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 1CVE-2017-0062 – Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
https://notcve.org/view.php?id=CVE-2017-0062
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073. La Graphics Device Interface (GDI) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "GDI+ Information Disclosure Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0060 y CVE-2017-0073. Microsoft Windows Uniscribe heap-based out-of-bounds read in USP10! • https://www.exploit-db.com/exploits/41658 http://www.securityfocus.com/bid/96715 http://www.securitytracker.com/id/1038002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 67%CPEs: 8EXPL: 0CVE-2017-0023
https://notcve.org/view.php?id=CVE-2017-0023
The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." La libreria PDF en Microsoft Edge; Windows 8.1; Windows Server 2012 y R2; Windows RT 8.1 y Windows 10, 1511 y 1607 permite a atacantes remotos ejecutar código arbitrario a través de un archivo PDF manipulado, vulnerabilidad también conocida como "Microsoft PDF Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/96075 http://www.securitytracker.com/id/1037989 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 1CVE-2017-0121 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0121
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96678 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0121 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •