CVSS: 9.3EPSS: 43%CPEs: 18EXPL: 2CVE-2017-0283 – Microsoft Windows - 'USP10!MergeLigRecords' Uniscribe Font Processing Heap Memory Corruption
https://notcve.org/view.php?id=CVE-2017-0283
15 Jun 2017 — Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way... • https://packetstorm.news/files/id/143078 •
CVSS: 9.3EPSS: 73%CPEs: 18EXPL: 0CVE-2017-8527 – Microsoft Security Bulletin CVE Update for June, 2017
https://notcve.org/view.php?id=CVE-2017-8527
15 Jun 2017 — Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". Graphics en Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows versión 8.1, Windows Server 2012 Gold y R2, Windows RT versión 8.1, Windows 10 Gold, 1511, 1607, 1703 y Windo... • http://www.securityfocus.com/bid/98933 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 20%CPEs: 12EXPL: 3CVE-2017-0108 – Microsoft Windows - 'USP10!otlList::insertAt' Uniscribe Font Processing Heap Buffer Overflow (MS17-011)
https://notcve.org/view.php?id=CVE-2017-0108
17 Mar 2017 — The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014. El Windows Graphics Component en Microsoft Office 2007 SP3; ... • https://packetstorm.news/files/id/141720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 25EXPL: 2CVE-2016-3209 – Microsoft Windows - 'win32k.sys' TTF Processing RCVT TrueType Instruction Handler Out-of-Bounds Read (MS16-120)
https://notcve.org/view.php?id=CVE-2016-3209
14 Oct 2016 — Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspeci... • https://packetstorm.news/files/id/139278 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 53%CPEs: 1EXPL: 0CVE-2016-3367
https://notcve.org/view.php?id=CVE-2016-3367
14 Sep 2016 — StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not properly allocate memory for string-insert and string-append operations, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability." StringBuilder en Microsoft Silverlight 5 en versiones anteriores a 5.1.50709.0 no asigna memoria adecuadamente para operaciones de insertar cadenas y concatenar cadenas, lo que permite a atacantes remotos ejecutar código arbitrar... • http://www.securityfocus.com/bid/92837 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 54%CPEs: 1EXPL: 1CVE-2016-0034 – Microsoft Silverlight Runtime Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0034
13 Jan 2016 — Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." Microsoft Silverlight 5 en versiones anteriores a 5.1.41212.0 no maneja correctamente offsets negativos durante la decodificación, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servi... • https://github.com/hybridious/CVE-2016-0034-Decompile • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 7%CPEs: 1EXPL: 0CVE-2015-6114
https://notcve.org/view.php?id=CVE-2015-6114
09 Dec 2015 — Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocida como 'Microsoft Silverlight Information Disclosure Vulnerability', una vulnerabilida... • http://www.securitytracker.com/id/1034321 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 66%CPEs: 1EXPL: 0CVE-2015-6166
https://notcve.org/view.php?id=CVE-2015-6166
09 Dec 2015 — Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests, aka "Microsoft Silverlight RCE Vulnerability." Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango o acceso a escritura) a través de peticiones de apertura y cierre no especificadas, ta... • http://www.securitytracker.com/id/1034321 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 7%CPEs: 1EXPL: 0CVE-2015-6165
https://notcve.org/view.php?id=CVE-2015-6165
09 Dec 2015 — Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114. Microsoft Silverlight 5 en versiones anteriores a 5.1.41105.00 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocida como 'Microsoft Silverlight Information Disclosure Vulnerability', una vulnerabilida... • http://www.securitytracker.com/id/1034321 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 26%CPEs: 36EXPL: 0CVE-2015-6108
https://notcve.org/view.php?id=CVE-2015-6108
09 Dec 2015 — The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 2007 SP3; Office 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6; Skype for Business 2016; Lync 2010; Lync 2013 SP1; Live Meeting 2007 Console; and Silverlight 5 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption V... • http://www.securitytracker.com/id/1034329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •