CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 1CVE-2017-0087 – Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0087
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089 y CVE-2017-0090. Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability in USP10! • https://www.exploit-db.com/exploits/41650 http://www.securityfocus.com/bid/96604 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 1CVE-2017-0088 – Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0088
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Windows Uniscribe Remote Code Execution Vulnerability". Microsoft Windows suffers from a uniscribe font processing heap-based buffer overflow vulnerability in USP10!ttoGetTableData. • https://www.exploit-db.com/exploits/41651 http://www.securityfocus.com/bid/96605 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0088 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 1CVE-2017-0089 – Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0089
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088 y CVE-2017-0090. Microsoft Windows suffers from a uniscribe font processing out-of-bounds write in USP10! • https://www.exploit-db.com/exploits/41652 http://www.securityfocus.com/bid/96606 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 19%CPEs: 4EXPL: 1CVE-2017-0090 – Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around 'USP10!BuildFSM' (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0090
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088 y CVE-2017-0089. Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability around USP10! • https://www.exploit-db.com/exploits/41653 http://www.securityfocus.com/bid/96607 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0090 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 92%CPEs: 35EXPL: 7CVE-2017-0147 – Microsoft Windows SMBv1 Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-0147
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." El servidor SMBv1 en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; y Windows 10 Gold, 1511 y 1607; y Windows Server 2016 permite a atacantes remotos obtener información sensible de la memoria del proceso a través de paquetes manipulados, vulnerabilidad también conocida como "Windows SMB Information Disclosure Vulnerability". The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. • https://www.exploit-db.com/exploits/41891 https://www.exploit-db.com/exploits/47456 https://www.exploit-db.com/exploits/43970 https://www.exploit-db.com/exploits/41987 https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2017-0147.A http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html http://www.securityfocus.com/bid/96709 http://www.securitytracker.com/id/1037991 http •