CVSS: 5.3EPSS: 8%CPEs: 4EXPL: 1CVE-2017-0061 – Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)
https://notcve.org/view.php?id=CVE-2017-0061
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063. La funcionalidad de manejo de memoria Color Management Module (ICM32.dll) en Windows Vista SP2, Windows Server 2008 SP2 y R2 y Windows 7 SP1 permite a atacantes remotos eludir ASLR y ejecutar código en combinación con otra vulnerabilidad a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Color Management Information Disclosure Vulnerability". Esta vulnerabilidad es diferente de la descrita en CVE-2017-0063. • https://www.exploit-db.com/exploits/41657 http://www.securityfocus.com/bid/96638 http://www.securitytracker.com/id/1038002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 15%CPEs: 12EXPL: 1CVE-2017-0063 – Microsoft Color Management Module 'icm32.dll' - 'icm32!LHCalc3toX_Di16_Do16_Lut8_G32' Out-of-Bounds Read (MS17-013)
https://notcve.org/view.php?id=CVE-2017-0063
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061. La funcionalidad de manejo de memoria Color Management Module (ICM32.dll) en Windows Vista SP2; Windows Server 2008 SP2 y R2 y Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos eludir ASLR y ejecutar código en combinación con otra vulnerabilidad a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Color Management Information Disclosure Vulnerability". Esta vulnerabilidad es diferente de la descrita en CVE-2017-0061. Microsoft Windows Color Management library suffers from a crash vulnerability. • https://www.exploit-db.com/exploits/41659 http://www.securityfocus.com/bid/96643 http://www.securitytracker.com/id/1038002 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 16%CPEs: 4EXPL: 1CVE-2017-0072 – Microsoft Windows - Uniscribe Font Processing Buffer Overflow in 'USP10!FillAlternatesList' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0072
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089 y CVE-2017-0090. Microsoft Windows suffers from a uniscribe font processing buffer overflow vulnerability in USP10! • https://www.exploit-db.com/exploits/41654 http://www.securityfocus.com/bid/96599 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 29%CPEs: 12EXPL: 1CVE-2017-0084 – Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0084
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Windows Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089 y CVE-2017-0090. Microsoft Windows suffers from a uniscribe font processing out-of-bounds read/write vulnerability in USP10! • https://www.exploit-db.com/exploits/41648 http://www.securityfocus.com/bid/96610 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0084 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 1CVE-2017-0086 – Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!otlCacheManager::GlyphsSubstituted' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0086
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089 y CVE-2017-0090. Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10! • https://www.exploit-db.com/exploits/41649 http://www.securityfocus.com/bid/96603 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0086 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •