CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-0115 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0115
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96663 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-0050
https://notcve.org/view.php?id=CVE-2017-0050
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." La API del kernel en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511 y 1607; Windows RT 8.1; Windows Server 2012 Gold y R2 y Windows Server 2016 no aplica correctamente permisos, lo que permite a usuarios locales suplantar procesos, suplantar comunicación entre procesos o provocar una denegación de servicio a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Kernel Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/96025 http://www.securitytracker.com/id/1038013 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0050 •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-0125 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0125
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96672 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0125 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 21%CPEs: 4EXPL: 1CVE-2017-0083 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0083
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Remote Code Execution Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089 y CVE-2017-0090. Microsoft Windows suffers from uniscribe font processing heap-based out-of-bounds and wild read vulnerabilities. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96608 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0083 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-0123 – Microsoft Windows - Uniscribe Font Processing Multiple Heap Out-of-Bounds and Wild Reads (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0123
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, vulnerabilidad también conocida como "Uniscribe Information Disclosure Vulnerability". CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127 y CVE-2017-0128. • https://www.exploit-db.com/exploits/41655 http://www.securityfocus.com/bid/96669 http://www.securitytracker.com/id/1037992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •