CVE-2017-0096
https://notcve.org/view.php?id=CVE-2017-0096
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." Hyper-V en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold y R2; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios del SO invitado obtener información sensible de la memoria del SO anfitrión a través de una aplicación manipulada, vulnerabilidad también conocida como "Hyper-V Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/96701 http://www.securitytracker.com/id/1037999 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0099
https://notcve.org/view.php?id=CVE-2017-0099
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097. Hyper-V en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios del SO invitado, ejecutándose como máquinas virtuales, provocar una denegación de servicio a través de una aplicación manipulada, vulnerabilidad también conocida como "Hyper-V Denial of Service Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0098, CVE-2017-0074, CVE-2017-0076 y CVE-2017-0097. • http://www.securityfocus.com/bid/96640 http://www.securitytracker.com/id/1037999 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0099 • CWE-20: Improper Input Validation •
CVE-2017-0148 – Microsoft SMBv1 Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0148
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. El servidor SMBv1 en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; y Windows 10 Gold, 1511 y 1607; y Windows Server 2016 permite a atacantes remotos ejecutar código arbitrario a través de paquetes manipulados, vulnerabilidad también conocida como "Windows SMB Remote Code Execution Vulnerability". Esta vulnerabilidad es diferente a la descrita en CVE-2017-0143, CVE-2017-0144, CVE-2017-0145 y CVE-2017-0146. The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. • https://www.exploit-db.com/exploits/41891 https://www.exploit-db.com/exploits/47456 https://www.exploit-db.com/exploits/41987 https://github.com/HakaKali/CVE-2017-0148 http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html http://www.securityfocus.com/bid/96706 http://www.securitytracker.com/id/1037991 https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf https: • CWE-20: Improper Input Validation •
CVE-2017-0114 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0114
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96661 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0076
https://notcve.org/view.php?id=CVE-2017-0076
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. Hyper-V en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 y R2; Windows 10, 1511 y 1607 y Windows Server 2016 permite a usuarios del SO invitado, ejecutándose como máquinas virtuales, provocar una denegación de servicio a través de una aplicación manipulada, vulnerabilidad también conocida como "Hyper-V Denial of Service Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0098, CVE-2017-0074, CVE-2017-0097 y CVE-2017-0099. • http://www.securityfocus.com/bid/96636 http://www.securitytracker.com/id/1037999 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076 • CWE-20: Improper Input Validation •