### *Detect date*:
09/12/2017
### *Severity*:
Critical
### *Description*:
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges.
### *Affected products*:
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
Microsoft Office 2016 for Mac
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Web Apps 2010 Service Pack 2
Microsoft Office Web Apps 2013 Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Office Word Viewer
Microsoft Office for Mac 2011
Microsoft Excel 2007 Service Pack 3
Microsoft Excel 2010 Service Pack 2
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1
Microsoft Excel 2016
Microsoft Excel 2016 for Mac
Microsoft Excel Viewer 2007 Service Pack 3
Microsoft Excel Web App 2013 Service Pack 1
Microsoft Excel for Mac 2011
Microsoft Live Meeting 2007 Add-in
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync 2013 Service Pack 1
Microsoft Lync Basic 2013 Service Pack 1
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2
Microsoft Outlook 2013
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2016
Microsoft PowerPoint 2007 Service Pack 3
Microsoft PowerPoint 2010 Service Pack 2
Microsoft PowerPoint 2013 RT Service Pack 1
Microsoft PowerPoint 2013 Service Pack 1
Microsoft PowerPoint 2016
Microsoft PowerPoint Viewer 2007
Microsoft Publisher 2007 Service Pack 3
Microsoft Publisher 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2013 Service Pack 1
Office Online Server
Skype for Business 2016
Skype for Business 2016 Basic
### *Solution*:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
### *Original advisories*:
[ADV170015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170015>)
[CVE-2017-8567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567>)
[CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>)
[CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>)
[CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>)
[CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>)
[CVE-2017-8744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744>)
[CVE-2017-8745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745>)
[CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>)
[CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>)
[CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>)
[CVE-2017-8629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629>)
[CVE-2017-8725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725>)
[CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>)
[CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>)
[CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>)
[CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>)
[CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>)
[CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>)
[CVE-2017-8745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745>)
[CVE-2017-8744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744>)
[CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>)
[CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>)
[CVE-2017-8725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725>)
[CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>)
[CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>)
[CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>)
[CVE-2017-8629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629>)
[CVE-2017-8567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567>)
### *Impacts*:
ACE
### *Related products*:
[Microsoft Office Live Meeting 2007](<https://threats.kaspersky.com/en/product/Microsoft-Office-Live-Meeting-2007/>)
### *CVE-IDS*:
[CVE-2017-8676](<https://vulners.com/cve/CVE-2017-8676>)2.1Warning
[CVE-2017-8682](<https://vulners.com/cve/CVE-2017-8682>)9.3Critical
[CVE-2017-8695](<https://vulners.com/cve/CVE-2017-8695>)2.6Warning
[CVE-2017-8696](<https://vulners.com/cve/CVE-2017-8696>)7.6Critical
[CVE-2017-8745](<https://vulners.com/cve/CVE-2017-8745>)3.5Warning
[CVE-2017-8744](<https://vulners.com/cve/CVE-2017-8744>)9.3Critical
[CVE-2017-8743](<https://vulners.com/cve/CVE-2017-8743>)9.3Critical
[CVE-2017-8742](<https://vulners.com/cve/CVE-2017-8742>)9.3Critical
[CVE-2017-8725](<https://vulners.com/cve/CVE-2017-8725>)9.3Critical
[CVE-2017-8632](<https://vulners.com/cve/CVE-2017-8632>)9.3Critical
[CVE-2017-8631](<https://vulners.com/cve/CVE-2017-8631>)9.3Critical
[CVE-2017-8630](<https://vulners.com/cve/CVE-2017-8630>)9.3Critical
[CVE-2017-8629](<https://vulners.com/cve/CVE-2017-8629>)3.5Warning
[CVE-2017-8567](<https://vulners.com/cve/CVE-2017-8567>)9.3Critical
### *Microsoft official advisories*:
### *KB list*:
[3213649](<http://support.microsoft.com/kb/3213649>)
[3213644](<http://support.microsoft.com/kb/3213644>)
[3213646](<http://support.microsoft.com/kb/3213646>)
[3213641](<http://support.microsoft.com/kb/3213641>)
[3213642](<http://support.microsoft.com/kb/3213642>)
[3213560](<http://support.microsoft.com/kb/3213560>)
[4025867](<http://support.microsoft.com/kb/4025867>)
[3213562](<http://support.microsoft.com/kb/3213562>)
[3213564](<http://support.microsoft.com/kb/3213564>)
[3191831](<http://support.microsoft.com/kb/3191831>)
[4011117](<http://support.microsoft.com/kb/4011117>)
[3128030](<http://support.microsoft.com/kb/3128030>)
[4025868](<http://support.microsoft.com/kb/4025868>)
[3213631](<http://support.microsoft.com/kb/3213631>)
[4025865](<http://support.microsoft.com/kb/4025865>)
[4025866](<http://support.microsoft.com/kb/4025866>)
[4011113](<http://support.microsoft.com/kb/4011113>)
[3213638](<http://support.microsoft.com/kb/3213638>)
[4011069](<http://support.microsoft.com/kb/4011069>)
[3141537](<http://support.microsoft.com/kb/3141537>)
[4011041](<http://support.microsoft.com/kb/4011041>)
[4011040](<http://support.microsoft.com/kb/4011040>)
[4011065](<http://support.microsoft.com/kb/4011065>)
[4011064](<http://support.microsoft.com/kb/4011064>)
[4011089](<http://support.microsoft.com/kb/4011089>)
[4011062](<http://support.microsoft.com/kb/4011062>)
[4011061](<http://support.microsoft.com/kb/4011061>)
[4011134](<http://support.microsoft.com/kb/4011134>)
[3213658](<http://support.microsoft.com/kb/3213658>)
[3213626](<http://support.microsoft.com/kb/3213626>)
[3203474](<http://support.microsoft.com/kb/3203474>)
[3213551](<http://support.microsoft.com/kb/3213551>)
[3212225](<http://support.microsoft.com/kb/3212225>)
[4011056](<http://support.microsoft.com/kb/4011056>)
[4011055](<http://support.microsoft.com/kb/4011055>)
[4011050](<http://support.microsoft.com/kb/4011050>)
[4011038](<http://support.microsoft.com/kb/4011038>)
[4011063](<http://support.microsoft.com/kb/4011063>)
[4011107](<http://support.microsoft.com/kb/4011107>)
[3128027](<http://support.microsoft.com/kb/3128027>)
[4025869](<http://support.microsoft.com/kb/4025869>)
[4011090](<http://support.microsoft.com/kb/4011090>)
[4011091](<http://support.microsoft.com/kb/4011091>)
[3114428](<http://support.microsoft.com/kb/3114428>)
[4011103](<http://support.microsoft.com/kb/4011103>)
[4011126](<http://support.microsoft.com/kb/4011126>)
[4011127](<http://support.microsoft.com/kb/4011127>)
[3213632](<http://support.microsoft.com/kb/3213632>)
[4011108](<http://support.microsoft.com/kb/4011108>)
[4011125](<http://support.microsoft.com/kb/4011125>)
[4011110](<http://support.microsoft.com/kb/4011110>)
### *Exploitation*:
The following public exploits exists for this vulnerability:
{"nessus": [{"lastseen": "2023-01-11T14:34:12", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8744"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:powerpoint", "cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103133);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8630\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8744\"\n );\n script_bugtraq_id(\n 100732,\n 100741,\n 100748,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"4011055\");\n script_xref(name:\"MSKB\", value:\"3213649\");\n script_xref(name:\"MSKB\", value:\"4011038\");\n script_xref(name:\"MSKB\", value:\"3213626\");\n script_xref(name:\"MSKB\", value:\"3213646\");\n script_xref(name:\"MSKB\", value:\"3213641\");\n script_xref(name:\"MSKB\", value:\"3213642\");\n script_xref(name:\"MSKB\", value:\"3213564\");\n script_xref(name:\"MSKB\", value:\"3203474\");\n script_xref(name:\"MSKB\", value:\"3213638\");\n script_xref(name:\"MSKB\", value:\"4011103\");\n script_xref(name:\"MSKB\", value:\"4011126\");\n script_xref(name:\"MSKB\", value:\"4011063\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"3213551\");\n script_xref(name:\"MSKB\", value:\"3213631\");\n script_xref(name:\"MSFT\", value:\"MS17-4011055\");\n script_xref(name:\"MSFT\", value:\"MS17-3213649\");\n script_xref(name:\"MSFT\", value:\"MS17-4011038\");\n script_xref(name:\"MSFT\", value:\"MS17-3213626\");\n script_xref(name:\"MSFT\", value:\"MS17-3213646\");\n script_xref(name:\"MSFT\", value:\"MS17-3213641\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-3213564\");\n script_xref(name:\"MSFT\", value:\"MS17-3203474\");\n script_xref(name:\"MSFT\", value:\"MS17-3213638\");\n script_xref(name:\"MSFT\", value:\"MS17-4011103\");\n script_xref(name:\"MSFT\", value:\"MS17-4011126\");\n script_xref(name:\"MSFT\", value:\"MS17-4011063\");\n script_xref(name:\"MSFT\", value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-3213551\");\n script_xref(name:\"MSFT\", value:\"MS17-3213631\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4011055/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d24309b\");\n # https://support.microsoft.com/en-us/help/3213649/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95ea355\");\n # https://support.microsoft.com/en-us/help/4011038/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69c44d41\");\n # https://support.microsoft.com/en-us/help/3213626/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40a27f00\");\n # https://support.microsoft.com/en-us/help/3213646/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a714c54e\");\n # https://support.microsoft.com/en-us/help/3213641/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b84ca703\");\n # https://support.microsoft.com/en-us/help/3213642/descriptionofthesecurityupdateforpowerpoint2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?607de17a\");\n # https://support.microsoft.com/en-us/help/3213564/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f846aeb6\");\n # https://support.microsoft.com/en-us/help/3203474/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7601f27e\");\n # https://support.microsoft.com/en-us/help/3213638/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4928d07a\");\n # https://support.microsoft.com/en-us/help/4011103/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa6bb9d8\");\n # https://support.microsoft.com/en-us/help/4011126/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d1e5263\");\n # https://support.microsoft.com/en-us/help/4011063/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b27cd572\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n # https://support.microsoft.com/en-us/help/3213551/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ecdeba5\");\n # https://support.microsoft.com/en-us/help/3213631/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2751aff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Microsoft Office Products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213641', # Office 2007 SP3\n '3213646', # Office 2007 SP3\n '3213649', # Office 2007 SP3\n '4011063', # Office 2007 SP3\n '3213626', # Office 2010 SP2\n '3213631', # Office 2010 SP2\n '3213638', # Office 2010 SP2\n '4011055', # Office 2010 SP2\n '3213564', # Office 2013 SP1\n '4011103', # Office 2013 SP1\n '3203474', # Office 2016\n '3213551', # Office 2016\n '4011038', # Office 2016\n '4011126' # Office 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\noffice_vers = hotfix_check_office_version();\n\n####################################################################\n# Office 2007 SP3 Checks\n####################################################################\nif (office_vers[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n prod = \"Microsoft Office 2007 SP3\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"12.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2006.1200.6776.5000\", min_version:\"2006.1200.0.0\", path:path, kb:\"3213646\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office12\"\n );\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"12.0.6776.5000\", path:path, kb:\"3213641\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"12.0.6777.5000\", path:path, kb:\"4011063\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"12.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.626.6002.24173\", path:path, kb:\"3213649\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2010 SP2 Checks\n####################################################################\nif (office_vers[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = \"Microsoft Office 2010 SP2\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office14\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"14.0.7188.5002\", path:path, kb:\"4011055\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"14.0.7188.5000\", path:path, kb:\"3213638\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2010.1400.7188.5000\", min_version:\"2010.1400.0.0\", path:path, kb:\"3213626\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"14.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.0626.7601.23883\", path:path, kb:\"3213631\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2013 SP1 Checks\n####################################################################\nif (office_vers[\"15.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = \"Microsoft Office 2013 SP1\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"15.0\");\n\n path = hotfix_append_path(\n path : hotfix_get_officecommonfilesdir(officever:\"15.0\"),\n value : \"Microsoft Shared\\Office15\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"15.0.4963.1002\", path:path, kb:\"4011103\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2012.1500.4963.1000\", min_version:\"2012.1500.0.0\", path:path, kb:\"3213564\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2016 Checks\n####################################################################\nif (office_vers[\"16.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office16\"\n );\n kb = \"4011038\";\n file = \"mso99lwin32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"4011126\";\n file = \"mso30win32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1002\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"3213551\";\n file = \"wpft632.cnv\";\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\TextConv\"\n );\n if (\n hotfix_check_fversion(file:file, version:\"2012.1600.4588.1000\", min_version:\"2012.1600.0.0\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.7726.1057\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8201.2193\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8431.2079\", min_version:\"2012.1600.0.0\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8326.2107\", min_version:\"2012.1600.0.0\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n kb = \"3203474\";\n file = \"igx.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:39", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Viewers (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:powerpoint_viewer", "cpe:/a:microsoft:word_viewer", "cpe:/a:microsoft:excel_viewer"], "id": "SMB_NT_MS17_SEP_OFFICE_VIEWERS.NASL", "href": "https://www.tenable.com/plugins/nessus/103135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103135);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8631\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\"\n );\n script_bugtraq_id(\n 100741,\n 100751,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"3128030\");\n script_xref(name:\"MSKB\", value:\"4011065\");\n script_xref(name:\"MSKB\", value:\"4011125\");\n script_xref(name:\"MSKB\", value:\"4011134\");\n script_xref(name:\"MSFT\", value:\"MS17-3128030\");\n script_xref(name:\"MSFT\", value:\"MS17-4011065\");\n script_xref(name:\"MSFT\", value:\"MS17-4011125\");\n script_xref(name:\"MSFT\", value:\"MS17-4011134\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Viewers (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/3128030/descriptionofthesecurityupdateforpowerpointviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60ba21b6\");\n # https://support.microsoft.com/en-us/help/4011065/descriptionofthesecurityupdateforexcelviewer2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60960496\");\n # https://support.microsoft.com/en-us/help/4011125/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a90e90a1\");\n # https://support.microsoft.com/en-us/help/4011134/descriptionofthesecurityupdateforwordviewerseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d857f2e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB3128030\n -KB4011065\n -KB4011125\n -KB4011134\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word_viewer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel_viewer\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3128030', # PowerPoint Viewer 2007\n '4011065', # Excel Viewer 2007 SP3\n '4011125', # Office Word Viewer\n '4011134' # Office Word Viewer\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Excel Viewer\n######################################################################\nfunction perform_excel_viewer_checks()\n{\n var excel_vwr_checks = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6776.5000\", \"kb\", \"4011065\")\n );\n if (hotfix_check_office_product(product:\"ExcelViewer\", display_name:\"Excel Viewer\", checks:excel_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# PowerPoint Viewer\n######################################################################\nfunction perform_powerpoint_viewer_checks()\n{\n var ppt_vwr_checks = make_array(\n \"14.0\", make_array(\"version\", \"14.0.7188.5000\", \"kb\", \"3128030\")\n );\n if (hotfix_check_office_product(product:\"PowerPointViewer\", display_name:\"PowerPoint Viewer\", checks:ppt_vwr_checks, bulletin:bulletin))\n vuln = TRUE;\n}\n\n######################################################################\n# Word Viewer\n######################################################################\nfunction perform_word_viewer_checks()\n{\n var install, installs, path;\n\n installs = get_kb_list(\"SMB/Office/WordViewer/*/ProductPath\");\n if(isnull(installs)) return NULL;\n\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"gdiplus.dll\", version:\"11.0.8443.0\", kb:\"4011134\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n }\n\n path = hotfix_get_officecommonfilesdir(officever:\"11.0\");\n path = hotfix_append_path(path:path, value:\"Microsoft Shared\\Office11\");\n if(hotfix_check_fversion(path:path, file:\"usp10.dll\", version:\"1.626.6002.24173\", kb:\"4011125\", product:\"Microsoft Word Viewer\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n######################################################################\n# MAIN\n######################################################################\nperform_excel_viewer_checks();\nperform_powerpoint_viewer_checks();\nperform_word_viewer_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-14T14:22:01", "description": "The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2017-8629)\n\n - A cross-site scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. (CVE-2017-8745)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Sharepoint Server (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8629", "CVE-2017-8631", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8745"], "modified": "2021-01-28T00:00:00", "cpe": ["cpe:/a:microsoft:sharepoint_foundation", "cpe:/a:microsoft:sharepoint_server", "cpe:/a:microsoft:office"], "id": "SMB_NT_MS17_SEP_OFFICE_SHAREPOINT.NASL", "href": "https://www.tenable.com/plugins/nessus/103141", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103141);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\n \"CVE-2017-8629\",\n \"CVE-2017-8631\",\n \"CVE-2017-8742\",\n \"CVE-2017-8743\",\n \"CVE-2017-8745\"\n );\n script_bugtraq_id(\n 100725,\n 100741,\n 100746,\n 100751,\n 100753\n );\n script_xref(name:\"MSKB\", value:\"4011056\");\n script_xref(name:\"MSKB\", value:\"4011117\");\n script_xref(name:\"MSKB\", value:\"3213560\");\n script_xref(name:\"MSKB\", value:\"4011113\");\n script_xref(name:\"MSKB\", value:\"4011127\");\n script_xref(name:\"MSKB\", value:\"3191831\");\n script_xref(name:\"MSFT\", value:\"MS17-4011056\");\n script_xref(name:\"MSFT\", value:\"MS17-4011117\");\n script_xref(name:\"MSFT\", value:\"MS17-3213560\");\n script_xref(name:\"MSFT\", value:\"MS17-4011113\");\n script_xref(name:\"MSFT\", value:\"MS17-4011127\");\n script_xref(name:\"MSFT\", value:\"MS17-3191831\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Sharepoint Server (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Sharepoint Server installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Sharepoint Server installation on the remote\nhost is missing security updates. It is, therefore, affected\nby multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - An elevation of privilege vulnerability exists when\n Microsoft SharePoint Server does not properly sanitize a\n specially crafted web request to an affected SharePoint\n server. An authenticated attacker could exploit the\n vulnerability by sending a specially crafted request to\n an affected SharePoint server. The attacker who\n successfully exploited the vulnerability could then\n perform cross-site scripting attacks on affected systems\n and run script in the security context of the current\n user. These attacks could allow the attacker to read\n content that the attacker is not authorized to read, use\n the victim's identity to take actions on the SharePoint\n site on behalf of the user, such as change permissions\n and delete content, and inject malicious content in the\n browser of the user. The security update addresses the\n vulnerability by helping to ensure that SharePoint\n Server properly sanitizes web requests. (CVE-2017-8629)\n\n - A cross-site scripting (XSS) vulnerability exists when\n Microsoft SharePoint Server does not properly sanitize a\n specially crafted web request to an affected SharePoint\n server. An authenticated attacker could exploit the\n vulnerability by sending a specially crafted request to\n an affected SharePoint server. The attacker who\n successfully exploited the vulnerability could then\n perform cross-site scripting attacks on affected systems\n and run script in the security context of the current\n user. The attacks could allow the attacker to read\n content that the attacker is not authorized to read, use\n the victim's identity to take actions on the SharePoint\n site on behalf of the user, such as change permissions\n and delete content, and inject malicious content in the\n browser of the user. The security update addresses the\n vulnerability by helping to ensure that SharePoint\n Server properly sanitizes web requests. (CVE-2017-8745)\");\n # https://support.microsoft.com/en-us/help/4011056/descriptionofthesecurityupdateforsharepointserver2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?604636cb\");\n # https://support.microsoft.com/en-us/help/4011117/descriptionofthesecurityupdateforsharepointfoundation2013september12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a44abe21\");\n # https://support.microsoft.com/en-us/help/3213560/descriptionofthesecurityupdateforsharepointserver2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?af7fb55b\");\n # https://support.microsoft.com/en-us/help/4011113/descriptionofthesecurityupdateforsharepointserver2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79043bd\");\n # https://support.microsoft.com/en-us/help/4011127/descriptionofthesecurityupdateforsharepointserver2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5cbef33e\");\n # https://support.microsoft.com/en-us/help/3191831/descriptionofthesecurityupdateforsharepointserver2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb6ab180\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011056\n -KB4011117\n -KB3213560\n -KB4011113\n -KB4011127\n -KB3191831\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_foundation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:sharepoint_server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_sharepoint_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3191831', # Excel Services for SharePoint Server 2007 SP3\n '4011056', # Excel Services for SharePoint Server 2010 SP2\n '3213560', # SharePoint Server 2013 SP1\n '4011113', # SharePoint Server 2013 SP1\n '4011117', # SharePoint Foundation 2013 SP1\n '4011127' # SharePoint Enterprise Server 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) \nhotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nregistry_init();\n\nvar sps_2007_path, sps_2007_sp, sps_2007_edition;\nvar sps_2010_path, sps_2010_sp, sps_2010_edition;\nvar sps_2013_path, sps_2013_sp, sps_2013_edition;\nvar sps_2016_path, sps_2016_sp, sps_2016_edition;\n\nxss = FALSE;\nvuln = FALSE;\nport = kb_smb_transport();\n\ninstalls = get_installs(app_name:\"Microsoft SharePoint Server\", exit_if_not_found:TRUE);\n\nforeach install (installs[1])\n{\n if (install[\"Product\"] == \"2007\")\n {\n sps_2007_path = install['path'];\n sps_2007_sp = install['SP'];\n sps_2007_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2010\")\n {\n sps_2010_path = install['path'];\n sps_2010_sp = install['SP'];\n sps_2010_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2016\")\n {\n sps_2016_path = install['path'];\n sps_2016_sp = install['SP'];\n sps_2016_edition = install['Edition'];\n }\n else if (install[\"Product\"] == \"2013\")\n {\n sps_2013_path = install['path'];\n sps_2013_sp = install['SP'];\n sps_2013_edition = install['Edition'];\n }\n\n}\n\n\n######################################################################\n# SharePoint Server 2007 SP3\n######################################################################\nif (sps_2007_path && sps_2007_sp == \"3\" && sps_2007_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2007_path, value:\"Bin\");\n if (hotfix_check_fversion(file:\"xlsrv.dll\", version:\"12.0.6776.5000\", min_version:\"12.0.0.0\", path:path, kb:\"3191831\", product:\"Excel Services for SharePoint Server 2007 SP3\") == HCF_OLDER)\n {\n vuln = TRUE;\n }\n\n}\n\n######################################################################\n# SharePoint Server 2010 SP2\n######################################################################\nif (sps_2010_path && sps_2010_sp == \"2\" && sps_2010_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2010_path, value:\"Bin\");\n if (hotfix_check_fversion(file:\"xlsrv.dll\", version:\"14.0.7188.5000\", min_version:\"14.0.0.0\", path:path, kb:\"4011056\", product:\"Excel Services for SharePoint Server 2010 SP2\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n######################################################################\n# Sharepoint Server 2013 SP1\n######################################################################\nif (sps_2013_path && sps_2013_sp == \"1\")\n{\n if(sps_2013_edition == \"Server\")\n {\n path = hotfix_append_path(path:sps_2013_path, value:\"WebServices\\ConversionServices\");\n if (hotfix_check_fversion(file:\"ppserver.dll\", version:\"15.0.4961.1000\", min_version:\"15.0.0.0\", path:path, kb:\"3213560\", product:\"Microsoft SharePoint Server 2013 Service Pack 1 \") == HCF_OLDER)\n vuln = TRUE;\n\n if (hotfix_check_fversion(file:\"htmlutil.dll\", version:\"15.0.4936.1000\", min_version:\"15.0.0.0\", path:path, kb:\"4011113\", product:\"Microsoft SharePoint Server 2013 Service Pack 1\") == HCF_OLDER)\n {\n vuln = TRUE;\n xss = TRUE;\n }\n }\n\n if(sps_2013_edition == \"Foundation\")\n {\n commonfiles = hotfix_get_commonfilesdir();\n if (!commonfiles) commonfiles = hotfix_get_commonfilesdirx86();\n\n if(commonfiles) path = hotfix_append_path(path:commonfiles, value:\"Microsoft Shared\\Web Server Extensions\\15\\BIN\");\n else path = hotfix_append_path(path:sps_2013_path, value:\"BIN\");\n if (hotfix_check_fversion(file:\"onetutil.dll\", version:\"15.0.4963.1000\", min_version:\"15.0.0.0\", path:path, kb:\"4011117\", product:\"Microsoft Sharepoint Foundation 2013 Service Pack 1\") == HCF_OLDER)\n {\n vuln = TRUE;\n xss = TRUE;\n }\n }\n}\n######################################################################\n# SharePoint Server 2016\n######################################################################\nif (sps_2016_path && sps_2016_sp == \"0\" && sps_2016_edition == \"Server\")\n{\n path = hotfix_append_path(path:sps_2016_path, value:\"WebServices\\ConversionServices\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"16.0.4588.1000\", min_version:\"16.0.0.0\", path:path, kb:\"4011127\", product:\"Microsoft SharePoint Server 2016\") == HCF_OLDER)\n vuln = TRUE;\n}\n\n\n\nif (vuln)\n{\n if(xss) replace_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:19", "description": "The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by the following vulnerabilities:\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8567)\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office (September 2017) (macOS)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8567", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8676"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "MACOSX_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103126", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103126);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8567\",\n \"CVE-2017-8631\",\n \"CVE-2017-8632\",\n \"CVE-2017-8676\"\n );\n script_bugtraq_id(\n 100719,\n 100734,\n 100751,\n 100755\n );\n script_xref(name:\"MSKB\", value:\"3212225\");\n script_xref(name:\"MSFT\", value:\"MS17-3212225\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office (September 2017) (macOS)\");\n script_summary(english:\"Checks the version of Microsoft Office.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS or Mac OS X host is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office application installed on the remote macOS or Mac\nOS X host is missing a security update. It is, therefore, affected by\nthe following vulnerabilities:\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8567)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/3212225/description-of-the-security-update-for-office-for-mac-2011-14-7-7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6eeb83f\");\n # https://support.office.com/en-us/article/Release-notes-for-Office-2016-for-Mac-ed2da564-6d53-4542-9954-7e3209681a41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68489292\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8631\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b333387a\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8632\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52db4138\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8676\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9e41e2a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set patches for Microsoft Office for Mac 2011\nand Microsoft Office 2016 for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Office for Mac 2011\", \"installed_sw/Microsoft Outlook\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft Word\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n# Office 2011\napps = make_list(\n \"Office for Mac 2011\",\n \"Microsoft Outlook\",\n \"Microsoft Excel\",\n \"Microsoft Word\",\n \"Microsoft PowerPoint\",\n \"Microsoft OneNote\"\n);\n\nreport = \"\";\n\nforeach app (apps)\n{\n installs = get_installs(app_name:app);\n if (isnull(installs[1])) continue;\n foreach install (installs[1])\n {\n version = install['version'];\n app_label = app;\n fix = NULL;\n fix_disp = NULL;\n\n if (version =~ \"^14\\.\")\n {\n if (app !~ \" for Mac 2011$\") app_label += \" for Mac 2011\";\n fix = '14.7.7';\n }\n else\n {\n if (version =~ \"^15\\.\") app_label += \" for Mac 2016\";\n fix = '15.38.0';\n fix_disp = '15.38 (17090200)';\n }\n\n if (fix && ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Product : ' + app_label +\n '\\n Installed version : ' + version;\n\n if (!empty_or_null(fix_disp))\n {\n report += '\\n Fixed version : ' + fix_disp;\n fix_disp = '';\n }\n else report += '\\n Fixed version : ' + fix;\n\n if (os =~ \"^Mac OS X 10\\.[0-9](\\.|$)\" && app_label =~ \" for Mac 2016$\")\n report += '\\n Note : Update will require Mac OS X 10.10.0 or later.\\n';\n else report += '\\n';\n }\n }\n}\n\n# Report findings.\nif (!empty(report))\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\nelse\n audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:13", "description": "The Microsoft Office Online Server or Microsoft Office Web Apps installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office Online Server and Office Web Apps (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8743"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office_web_apps", "cpe:/a:microsoft:office_online_server"], "id": "SMB_NT_MS17_SEP_OFFICE_WEB.NASL", "href": "https://www.tenable.com/plugins/nessus/103192", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103192);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8631\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8743\"\n );\n script_bugtraq_id(\n 100741,\n 100746,\n 100751,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"3213562\");\n script_xref(name:\"MSFT\", value:\"MS17-3213562\");\n script_xref(name:\"MSKB\", value:\"3213632\");\n script_xref(name:\"MSFT\", value:\"MS17-3213632\");\n script_xref(name:\"MSKB\", value:\"3213658\");\n script_xref(name:\"MSFT\", value:\"MS17-3213658\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office Online Server and Office Web Apps (September 2017)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote Windows host is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Online Server or Microsoft Office Web\nApps installation on the remote host is missing security\nupdates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\");\n # https://support.microsoft.com/en-us/help/3213658/descriptionofthesecurityupdateforofficeonlineserverseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f1bdca6\");\n # https://support.microsoft.com/en-us/help/3213632/descriptionofthesecurityupdateforsharepointserver2010officewebappssept\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ab979819\");\n # https://support.microsoft.com/en-us/help/3213562/descriptionofthesecurityupdateforofficewebappsserver2013september12-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75d14528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://portal.msrc.microsoft.com/en-us/security-guidance/summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office Online\nServer, Office Web Apps Server 2013, Office 2010 Web Apps, and Office\n2013 Web Apps.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_web_apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_online_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_owa_installed.nbin\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n \"3213562\",\n \"3213632\",\n \"3213658\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nregistry_init();\nhklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\nglobal_var office_online_server_path = get_registry_value(\n handle : hklm,\n item : \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office16.WacServer\\InstallLocation\"\n);\nRegCloseKey(handle:hklm);\nclose_registry(close:FALSE);\n\nport = kb_smb_transport();\n\n######################################################################\n# Office Web Apps 2010, 2013\n######################################################################\nfunction perform_owa_checks()\n{\n var owa_installs, owa_install;\n var owa_2010_path, owa_2010_sp;\n var owa_2013_path, owa_2013_sp;\n var path;\n var vuln;\n\n # Get installs of Office Web Apps\n owa_installs = get_installs(app_name:\"Microsoft Office Web Apps\");\n if (!empty_or_null(owa_installs))\n {\n foreach owa_install (owa_installs[1])\n {\n if (owa_install[\"Product\"] == \"2010\")\n {\n owa_2010_path = owa_install[\"path\"];\n owa_2010_sp = owa_install[\"SP\"];\n }\n else if (owa_install[\"Product\"] == \"2013\")\n {\n owa_2013_path = owa_install[\"path\"];\n owa_2013_sp = owa_install[\"SP\"];\n }\n }\n }\n\n ####################################################################\n # Office Web Apps 2010 SP2\n ####################################################################\n if (owa_2010_path && (!isnull(owa_2010_sp) && owa_2010_sp == \"2\"))\n {\n path = hotfix_append_path(path:owa_2010_path, value:\"14.0\\WebServices\\WordServer\\Core\");\n if (hotfix_check_fversion(file:\"msoserver.dll\", version:\"14.0.7188.5000\", min_version:\"14.0.0.0\", path:path, kb:\"3213632\", product:\"Office Web Apps 2010\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n\n ####################################################################\n # Office Web Apps 2013 SP1\n ####################################################################\n if (owa_2013_path && (!isnull(owa_2013_sp) && owa_2013_sp == \"1\"))\n {\n path = hotfix_append_path(path:owa_2013_path, value:\"WordConversionService\\bin\\Converter\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"15.0.4963.1000\", min_version:\"15.0.4569.1500\", path:path, kb:\"3213562\", product:\"Office Web Apps 2013\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n return vuln;\n}\n\n\n######################################################################\n# Office Online Server\n######################################################################\nfunction perform_oos_checks()\n{\n var vuln, path;\n\n if (office_online_server_path)\n {\n path = hotfix_append_path(path:office_online_server_path, value:\"WordConversionService\\bin\\Converter\");\n if (hotfix_check_fversion(file:\"sword.dll\", version:\"16.0.7726.1056\", min_version:\"16.0.6000.0\", path:path, kb:\"3213658\", product:\"Office Online Server\") == HCF_OLDER)\n\n vuln = TRUE;\n }\n return vuln;\n}\n\nglobal_var vuln = 0;\nvuln += perform_owa_checks();\nvuln += perform_oos_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:35", "description": "Microsoft Office Compatibility Pack SP3 is missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Compatibility Pack SP3 (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8742"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office_compatibility_pack"], "id": "SMB_NT_MS17_SEP_OFFICE_COMPATIBILITY.NASL", "href": "https://www.tenable.com/plugins/nessus/103134", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103134);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\", \"CVE-2017-8742\");\n script_bugtraq_id(100734, 100741, 100751);\n script_xref(name:\"MSKB\", value:\"4011064\");\n script_xref(name:\"MSFT\", value:\"MS17-3213644\");\n script_xref(name:\"MSFT\", value:\"MS17-4011064\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Compatibility Pack SP3 (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Microsoft Office Compatibility Pack SP3 is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"Microsoft Office Compatibility Pack SP3 is missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\");\n # https://support.microsoft.com/en-us/help/3213644/descriptionofthesecurityupdateformicrosoftofficecompatibilitypackservi\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3021d13\");\n # https://support.microsoft.com/en-us/help/4011064/descriptionofthesecurityupdateformicrosoftofficecompatibilitypackservi\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5185a6eb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB3213644\n -KB4011064\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8742\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office_compatibility_pack\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213644',\n '4011064'\n);\n\nvuln = FALSE;\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nexcel_compat_check = make_array(\n \"12.0\", make_array(\"version\", \"12.0.6776.5000\", \"kb\", \"3213644\")\n);\n\nvuln = FALSE;\n######################################################################\n# Excel Compatibility pack\n######################################################################\nif (hotfix_check_office_product(product:\"ExcelCnv\",\n display_name:\"Office Compatibility Pack SP3\",\n checks:excel_compat_check,\n bulletin:bulletin))\n vuln = TRUE;\n\n######################################################################\n# PowerPoint Compatibility pack\n######################################################################\ninstalls = get_kb_list(\"SMB/Office/PowerPointCnv/*/ProductPath\");\nif (!isnull(installs))\n{\n foreach install (keys(installs))\n {\n path = installs[install];\n path = ereg_replace(pattern:'^(.+)\\\\\\\\[^\\\\\\\\]+\\\\.exe$', replace:\"\\1\\\", string:path, icase:TRUE);\n if(hotfix_check_fversion(path:path, file:\"ppcnv.dll\", version:\"12.0.6776.5000\", kb:\"4011064\", min_version:\"12.0.0.0\", product:\"PowerPoint Compatability Pack SP3\") == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n\nif(vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:00", "description": "The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:live_meeting_console", "cpe:/a:microsoft:skype_for_business", "cpe:/a:microsoft:live_meeting", "cpe:/a:microsoft:lync"], "id": "SMB_NT_MS17_SEP_SKYPE.NASL", "href": "https://www.tenable.com/plugins/nessus/103123", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103123);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8676\", \"CVE-2017-8695\", \"CVE-2017-8696\");\n script_bugtraq_id(100755, 100773, 100780);\n script_xref(name:\"MSKB\", value:\"4025865\");\n script_xref(name:\"MSKB\", value:\"4025866\");\n script_xref(name:\"MSKB\", value:\"4025867\");\n script_xref(name:\"MSKB\", value:\"4011040\");\n script_xref(name:\"MSKB\", value:\"3213568\");\n script_xref(name:\"MSKB\", value:\"4025868\");\n script_xref(name:\"MSKB\", value:\"4025869\");\n script_xref(name:\"MSFT\", value:\"MS17-4011107\");\n script_xref(name:\"MSFT\", value:\"MS17-4025865\");\n script_xref(name:\"MSFT\", value:\"MS17-4025866\");\n script_xref(name:\"MSFT\", value:\"MS17-4025867\");\n script_xref(name:\"MSFT\", value:\"MS17-4011040\");\n script_xref(name:\"MSFT\", value:\"MS17-3213568\");\n script_xref(name:\"MSFT\", value:\"MS17-4025868\");\n script_xref(name:\"MSFT\", value:\"MS17-4025869\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Skype for Business and Microsoft Lync and Microsoft Live Meeting (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Skype for Business or Microsoft Lync or Microsoft Live Meeting installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Skype for Business or Microsoft Lync or\nMicrosoft Live Meeting installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\");\n # https://support.microsoft.com/en-us/help/4011107/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e352a51\");\n # https://support.microsoft.com/en-us/help/4025865/descriptionofthesecurityupdateforlync2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b9ff1ff\");\n # https://support.microsoft.com/en-us/help/4025866/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56771a41\");\n # https://support.microsoft.com/en-us/help/4025867/descriptionofthesecurityupdateforlync2010attendeeseptember12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f1f4d2c3\");\n # https://support.microsoft.com/en-us/help/4011040/descriptionofthesecurityupdateforskypeforbusiness2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64c04506\");\n # https://support.microsoft.com/en-us/help/3213568/description-of-the-security-update-for-skype-for-business-2015-lync-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e876cd3b\");\n # https://support.microsoft.com/en-us/help/4025868/descriptionofthesecurityupdateforofficelivemeetingconsoleseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f49fe21\");\n # https://support.microsoft.com/en-us/help/4025869/descriptionofthesecurityupdateforofficelivemeetingadd-inseptember12-20\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e609f52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011107\n -KB4025865\n -KB4025866\n -KB4025867\n -KB4011040\n -KB3213568\n -KB4025868\n -KB4025869\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8696\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting_console\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:skype_for_business\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:live_meeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:lync\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_lync_server_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '4025868', # Live Meeting 2007 Console\n '4011040', # Skype for Business 2016\n '4011107', # Lync 2013 SP1\n '3213568', # Lync 2013 SP1\n '4025866', # Lync 2010 Attendee (Admin level install)\n '4025865', # Lync 2010\n '4025867', # Lync 2010 Attendee (User level install)\n '4025869' # Live Meeting 2007 Add-in\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n######################################################################\n# Skype for Business 2016 / Lync 2013 and 2010\n######################################################################\nfunction perform_skype_checks()\n{\n if (int(get_install_count(app_name:\"Microsoft Lync\")) <= 0)\n return NULL;\n\n var lync_install, lync_installs, kb, file, prod;\n var found, report, uninstall_key, uninstall_keys;\n\n lync_installs = get_installs(app_name:\"Microsoft Lync\");\n foreach lync_install (lync_installs[1])\n {\n\n if (\"Live Meeting 2007 Add-in\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"lmaddins.dll\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025869\", product:\"Live Meeting 2007 Add-in\") == HCF_OLDER)\n vuln = TRUE;\n }\n if (\"Live Meeting 2007 Console\" >< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"bgpubmgr.exe\", version:\"8.0.6362.281\", min_version:\"8.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025868\", product:\"Live Meeting 2007 Console\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 checks\n if (lync_install[\"version\"] =~ \"^4\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n # Lync 2010\n if (\"Attendee\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025865\", product:\"Microsoft Lync 2010\") == HCF_OLDER)\n vuln = TRUE;\n }\n # Lync 2010 Attendee\n else if (\"Attendee\" >< lync_install[\"Product\"])\n {\n if (\"user level\" >< tolower(lync_install[\"Product\"])) # User\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025867\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n else # Admin\n {\n if (hotfix_check_fversion(file:\"Ocpptview.dll\", version:\"4.0.7577.4540\", min_version:\"4.0.0.0\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4025866\", product:lync_install[\"Product\"]) == HCF_OLDER)\n vuln = TRUE;\n }\n }\n }\n # Lync on Skype 2016\n else if (lync_install[\"version\"] =~ \"^16\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n file = \"Lync.exe\";\n prod = \"Skype for Business 2016\";\n kb = \"4011040\";\n\n # MSI\n if (lync_install['Channel'] == \"MSI\" || empty_or_null(lync_install['Channel']))\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n # Deferred\n else if (lync_install['Channel'] == \"Deferred\")\n {\n if (\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7766.2116\", channel:\"Deferred\", channel_version:\"1701\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"First Release for Deferred\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n else if (lync_install['Channel'] == \"Current\")\n {\n if (hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Lync\", path:lync_install[\"path\"], kb:kb, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n } # Lync 2013 \n else if (lync_install[\"version\"] =~ \"^15\\.0\\.\" && \"Server\" >!< lync_install[\"Product\"])\n {\n if (hotfix_check_fversion(file:\"lync.exe\", version:\"15.0.4963.1000\", min_version:\"15.0.4000.1000\", path:lync_install[\"path\"], bulletin:bulletin, kb:\"4011107\", product:\"Microsoft Lync 2013\") == HCF_OLDER)\n vuln = TRUE;\n\n }\n }\n}\n\nperform_skype_checks();\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:13", "description": "The Microsoft Powerpoint Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Powerpoint Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8742", "CVE-2017-8743"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:powerpoint"], "id": "SMB_NT_MS17_SEP_POWERPOINT.NASL", "href": "https://www.tenable.com/plugins/nessus/103136", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103136);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8742\", \"CVE-2017-8743\");\n script_bugtraq_id(100741, 100746);\n script_xref(name:\"MSKB\", value:\"4011041\");\n script_xref(name:\"MSKB\", value:\"3128027\");\n script_xref(name:\"MSKB\", value:\"4011069\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-4011041\");\n script_xref(name:\"MSFT\", value:\"MS17-3128027\");\n script_xref(name:\"MSFT\", value:\"MS17-4011069\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Powerpoint Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Powerpoint Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Powerpoint Products are missing security\nupdates. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742, CVE-2017-8743)\");\n # https://support.microsoft.com/en-us/help/4011041/descriptionofthesecurityupdateforpowerpoint2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?acec2355\");\n # https://support.microsoft.com/en-us/help/3128027/descriptionofthesecurityupdateforpowerpoint2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d9bf308\");\n # https://support.microsoft.com/en-us/help/4011069/descriptionofthesecurityupdateforpowerpoint2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e2fc194\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011041\n -KB3128027\n -KB4011069\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213642', # PowerPoint 2007 SP3\n '3128027', # PowerPoint 2010 SP2\n '4011069', # PowerPoint 2013 SP1\n '4011041' # PowerPoint 2016\n);\n\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nport = kb_smb_transport();\n\nvuln = FALSE;\n\nchecks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6775.5000\", \"kb\", \"3213642\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7188.5000\", \"kb\", \"3128027\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.4963.1000\", \"kb\", \"4011069\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4588.1000\", \"kb\", \"4011041\", \"channel\", \"MSI\"),\n make_array(\"sp\", 0, \"version\", \"16.0.7766.2116\", \"kb\", \"4011041\", \"channel\", \"Deferred\", \"channel_version\", \"1701\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8201.2193\", \"kb\", \"4011041\", \"channel\", \"Deferred\", \"channel_version\", \"1705\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8431.2079\", \"kb\", \"4011041\", \"channel\", \"First Release for Deferred\"),\n make_array(\"sp\", 0, \"version\", \"16.0.8326.2107\", \"kb\", \"4011041\", \"channel\", \"Current\")\n )\n );\n\nif(hotfix_check_office_product(product:\"PowerPoint\", checks:checks, bulletin:bulletin))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:21", "description": "The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Update for Microsoft Office Excel Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_EXCEL.NASL", "href": "https://www.tenable.com/plugins/nessus/103138", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103138);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8631\", \"CVE-2017-8632\");\n script_bugtraq_id(100734, 100751);\n script_xref(name:\"MSKB\", value:\"4011108\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"4011061\");\n script_xref(name:\"MSFT\", value:\"MS17-4011050\");\n script_xref(name:\"MSFT\", value:\"MS17-4011108\");\n script_xref(name:\"MSFT\", value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-4011061\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Update for Microsoft Office Excel Products (September 2017)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Excel Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Excel Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8631, CVE-2017-8632)\");\n # https://support.microsoft.com/en-us/help/4011108/descriptionofthesecurityupdateforexcel2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d426bc7\");\n # https://support.microsoft.com/en-us/help/4011050/descriptionofthesecurityupdateforexcel2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2583452\");\n # https://support.microsoft.com/en-us/help/4011061/descriptionofthesecurityupdateforexcel2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8028c458\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4011108\n -KB4011050\n -KB4011061\n -KB4011062\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '4011062', # Excel 2007 SP3\n '4011061', # Excel 2010 SP2\n '4011050', # Excel 2016\n '4011108' # Excel 2013 SP1\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\n\n######################################################################\n# Excel 2007, 2010, 2013, 2016\n######################################################################\n\nkb16 = \"4011050\";\nexcel_checks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6776.5000\", \"kb\", \"4011062\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7188.5000\", \"kb\", \"4011061\"),\n \"15.0\", make_array(\"sp\", 1, \"version\", \"15.0.4963.1000\", \"kb\", \"4011108\"),\n \"16.0\", make_nested_list(\n make_array(\"sp\", 0, \"version\", \"16.0.4588.1000\", \"channel\", \"MSI\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.7766.2116\", \"channel\", \"Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8201.2193\", \"channel\", \"Deferred\", \"channel_version\", \"1705\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8431.2079\", \"channel\", \"First Release for Deferred\", \"kb\", kb16),\n make_array(\"sp\", 0, \"version\", \"16.0.8326.2107\", \"channel\", \"Current\", \"kb\", kb16)\n )\n);\nif (hotfix_check_office_product(product:\"Excel\", checks:excel_checks, bulletin:bulletin))\n vuln = TRUE;\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:34", "description": "The Microsoft Publisher Products are missing a security update. It is, therefore, affected by the following vulnerability :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8725)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Publisher Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8725"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:publisher"], "id": "SMB_NT_MS17_SEP_PUBLISHER.NASL", "href": "https://www.tenable.com/plugins/nessus/103122", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103122);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\"CVE-2017-8725\");\n script_bugtraq_id(100758);\n script_xref(name:\"MSKB\", value:\"3141537\");\n script_xref(name:\"MSFT\", value:\"MS17-3114428\");\n script_xref(name:\"MSFT\", value:\"MS17-3141537\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Publisher Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Publisher Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Publisher Products are missing a security\nupdate. It is, therefore, affected by the following\nvulnerability :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8725)\");\n # https://support.microsoft.com/en-us/help/3114428/descriptionofthesecurityupdateforpublisher2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7cd17670\");\n # https://support.microsoft.com/en-us/help/3141537/descriptionofthesecurityupdateforpublisher2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a1417166\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB3114428\n -KB3141537\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8725\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:publisher\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var bulletin, vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list( \"3114428\", \"3141537\");\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\n# Get path information for Windows.\nwindir = hotfix_get_systemroot();\nif (isnull(windir)) exit(1, \"Failed to determine the location of %windir%.\");\n\nregistry_init();\n\nvuln = FALSE;\n\n######################################################################\n# Publisher Checks\n######################################################################\nchecks = make_array(\n \"12.0\", make_array(\"sp\", 3, \"version\", \"12.0.6776.5000\", \"kb\", \"3114428\"),\n \"14.0\", make_array(\"sp\", 2, \"version\", \"14.0.7188.5000\", \"kb\", \"3141537\")\n);\nif (hotfix_check_office_product(product:\"Publisher\", checks:checks, bulletin:bulletin))\n vuln = TRUE;\n\nif (vuln)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:26", "description": "The remote Windows host is missing multiple security updates released on 2017/09/12. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. An attacker who successfully exploited the vulnerability could gain access to information on the Hyper-V host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, a user must open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by helping to ensure that Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory. (CVE-2017-8720)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how GDI+ handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be within the physical proximity of the targeted user, and the user's computer needs to have Bluetooth enabled. The attacker can then initiate a Bluetooth connection to the target computer without the user's knowledge. The security update addresses the vulnerability by correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 2008 September 2017 Multiple Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8741", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/103140", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103140);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8741\",\n \"CVE-2017-8759\"\n );\n script_bugtraq_id(\n 100720,\n 100722,\n 100724,\n 100727,\n 100736,\n 100737,\n 100742,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100769,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4032201\");\n script_xref(name:\"MSFT\", value:\"MS17-4032201\");\n script_xref(name:\"MSKB\", value:\"4034786\");\n script_xref(name:\"MSFT\", value:\"MS17-4034786\");\n script_xref(name:\"MSKB\", value:\"4038874\");\n script_xref(name:\"MSFT\", value:\"MS17-4038874\");\n script_xref(name:\"MSKB\", value:\"4039038\");\n script_xref(name:\"MSFT\", value:\"MS17-4039038\");\n script_xref(name:\"MSKB\", value:\"4039266\");\n script_xref(name:\"MSFT\", value:\"MS17-4039266\");\n script_xref(name:\"MSKB\", value:\"4039325\");\n script_xref(name:\"MSFT\", value:\"MS17-4039325\");\n script_xref(name:\"MSKB\", value:\"4039384\");\n script_xref(name:\"MSFT\", value:\"MS17-4039384\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 2008 September 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of Windows Server 2008 September 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/09/12. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. To exploit the vulnerability, an\n attacker on a guest operating system could run a\n specially crafted application that could cause the\n Hyper-V host operating system to disclose memory\n information. An attacker who successfully exploited the\n vulnerability could gain access to information on the\n Hyper-V host operating system. The security update\n addresses the vulnerability by correcting how Hyper-V\n validates guest operating system user input.\n (CVE-2017-8707)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The security update addresses the vulnerability by\n correcting how the Windows kernel handles memory\n addresses. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The update\n addresses the vulnerability by correcting the way in\n which the Windows Graphics Component handles objects in\n memory. (CVE-2017-8683)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. To exploit the\n vulnerability, a user must open a specially crafted\n file. In an email attack scenario, an attacker could\n exploit the vulnerability by sending the specially\n crafted file to the user and then convincing the user to\n open the file. In a web-based attack scenario, an\n attacker could host a website (or leverage a compromised\n website that accepts or hosts user-provided content)\n that contains a specially crafted file designed to\n exploit the vulnerability. An attacker would have no way\n to force a user to visit the website. Instead, an\n attacker would have to convince a user to click a link,\n typically by way of an enticement in an email or Instant\n Messenger message, and then convince the user to open\n the specially crafted file. The security update\n addresses the vulnerability by helping to ensure that\n Windows Shell validates file copy destinations.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. To exploit this vulnerability, an attacker\n would have to log on to an affected system and run a\n specially crafted application. The security update\n addresses the vulnerability by correcting how the\n Windows kernel handles memory addresses. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. To exploit this vulnerability, an\n attacker would first have to log on to the system. An\n attacker could then run a specially crafted application\n that could exploit the vulnerability and take control of\n an affected system. The update addresses this\n vulnerability by correcting how Win32k handles objects\n in memory. (CVE-2017-8720)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. To exploit this\n vulnerability, an attacker would have to log on to an\n affected system and run a specially crafted application.\n The vulnerability would not allow an attacker to execute\n code or to elevate user rights directly, but it could be\n used to obtain information that could be used to try to\n further compromise the affected system. The security\n update addresses the vulnerability by correcting how the\n Windows GDI+ component handles objects in memory.\n (CVE-2017-8680, CVE-2017-8681, CVE-2017-8684,\n CVE-2017-8685)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. The security update\n addresses the vulnerability by correcting how GDI+\n handles memory addresses. (CVE-2017-8688)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n To exploit the vulnerability, the attacker needs to be\n within the physical proximity of the targeted user, and\n the user's computer needs to have Bluetooth enabled. The\n attacker can then initiate a Bluetooth connection to the\n target computer without the user's knowledge. The\n security update addresses the vulnerability by\n correcting how Windows handles Bluetooth requests.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. To exploit this vulnerability, an attacker would\n have to log on to an affected system and run a specially\n crafted application. The vulnerability would not allow\n an attacker to execute code or to elevate user rights\n directly, but it could be used to obtain information\n that could be used to try to further compromise the\n affected system. The update addresses the vulnerability\n by correcting how the Windows kernel handles objects in\n memory. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4032201/windows-kernel-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4cfaff8\");\n # https://support.microsoft.com/en-us/help/4034786/bluetooth-driver-spoofing-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a43fdc7\");\n # https://support.microsoft.com/en-us/help/4038874/windows-kernel-information-disclosure-vulnerability-in-windows-server\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c6e0c59\");\n # https://support.microsoft.com/en-us/help/4039038/information-disclosure-vulnerability-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?28782454\");\n # https://support.microsoft.com/en-us/help/4039266/windows-shell-remote-code-execution-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2d3ffe7\");\n # https://support.microsoft.com/en-us/help/4039325/hyper-v-information-disclosure-vulnerability\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09206238\");\n # https://support.microsoft.com/en-us/help/4039384/windows-uniscribe-vulnerabilities\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d820c79\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n\n - KB4032201\n - KB4034786\n - KB4038874\n - KB4039038\n - KB4039266\n - KB4039325\n - KB4039384\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-08';\n\nkbs = make_list(\n \"4032201\",\n \"4034786\",\n \"4038874\",\n \"4039038\",\n \"4039266\",\n \"4039325\",\n \"4039384\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\n# 4032201\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"-usermodensi_31bf3856ad364e35\", file_pat:\"^nsisvc\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4032201\", session:the_session);\n\n# 4034786 ; cannot locate on disk yet\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"bthpan.inf_31bf3856ad364e35\", file_pat:\"^bthpan\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19848','6.0.6002.24169'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4034786\", session:the_session);\n\n# 4038874\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"ntdll_31bf3856ad364e35\", file_pat:\"^ntdll\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19623','6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4038874\", session:the_session);\n\n# 4039038\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"m..-management-console_31bf3856ad364e35\", file_pat:\"^mmc\\.exe$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039038\", session:the_session);\n\n# 4039266\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"shell32_31bf3856ad364e35\", file_pat:\"^shell32\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19861', '6.0.6002.24182'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039266\", session:the_session);\n\n# 4039325 ; x64 only ; hyper-v\n#arch = get_kb_item_or_exit('SMB/ARCH');\n#if (arch == \"x64\")\n#{\n# files = list_dir(basedir:winsxs, level:0, dir_pat:\"vstack-vmwp_31bf3856ad364e35\", file_pat:\"^vmwp\\.exe$\", max_recurse:1);\n# vuln += hotfix_check_winsxs(os:'6.0',\n# sp:2,\n# files:files,\n# versions:make_list('6.0.6002.19858', '6.0.6002.24180'),\n# max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n# bulletin:bulletin,\n# kb:\"4039325\", session:the_session);\n#}\n\n# 4039384\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"win32k_31bf3856ad364e35\", file_pat:\"^win32k\\.sys$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.19836', '6.0.6002.24154'),\n max_versions:make_list('6.0.6002.20000','6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4039384\", session:the_session);\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:39", "description": "The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038777.NASL", "href": "https://www.tenable.com/plugins/nessus/103127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103127);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/02\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100720,\n 100722,\n 100724,\n 100727,\n 100728,\n 100736,\n 100737,\n 100742,\n 100743,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100765,\n 100766,\n 100767,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n\n script_xref(name:\"MSKB\", value:\"4038779\");\n script_xref(name:\"MSFT\", value:\"MS17-4038779\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038779\nor cumulative update 4038777. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038779/windows-7-update-kb4038779\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf7e8b94\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038779 or Cumulative update KB4038777\nas well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list('4038779', '4038777');\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(\n os:'6.1',\n sp:1,\n rollup_date:'09_2017',\n bulletin:bulletin,\n rollup_kb_list:[4038779, 4038777]\n )\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:46", "description": "The remote Windows host is missing security update 4038786 or cumulative update 4038799. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows Server 2012 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8749", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038799.NASL", "href": "https://www.tenable.com/plugins/nessus/103132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103132);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8749\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038786\");\n script_xref(name:\"MSFT\", value:\"MS17-4038786\");\n script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows Server 2012 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038786\nor cumulative update 4038799. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038786/windows-server-2012-update-kb4038786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b2bd74\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038786 or Cumulative update KB4038799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038786', '4038799');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038786, 4038799])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038793 or cumulative update 4038792. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038792.NASL", "href": "https://www.tenable.com/plugins/nessus/103131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103131);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSKB\", value:\"4038793\");\n script_xref(name:\"MSFT\", value:\"MS17-4038793\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038793\nor cumulative update 4038792. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038793/windows-8-1-update-kb4038793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3ecec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038793 or Cumulative update KB4038792.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038792', '4038793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038792, 4038793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:34:54", "description": "The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8738, CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8677, CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8699) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "KB4038781: Windows 10 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038781.NASL", "href": "https://www.tenable.com/plugins/nessus/104385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104385);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_bugtraq_id(\n 98953,\n 100718,\n 100720,\n 100721,\n 100727,\n 100728,\n 100729,\n 100736,\n 100737,\n 100738,\n 100739,\n 100740,\n 100742,\n 100743,\n 100744,\n 100747,\n 100749,\n 100752,\n 100755,\n 100756,\n 100759,\n 100762,\n 100764,\n 100765,\n 100766,\n 100767,\n 100768,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100776,\n 100779,\n 100781,\n 100783,\n 100785,\n 100789,\n 100790,\n 100791,\n 100792,\n 100796,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4038781\");\n script_xref(name:\"MSFT\", value:\"MS17-4038781\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038781: Windows 10 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707,\n CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8738,\n CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8677,\n CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-8699)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038781/windows-10-update-kb4038781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c29dee1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:07", "description": "The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038783.NASL", "href": "https://www.tenable.com/plugins/nessus/103129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103129);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038783\");\n script_xref(name:\"MSFT\", value:\"MS17-4038783\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. \n (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753,\n CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038783/windows-10-update-kb4038783\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15cd901b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038783.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038783');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038783])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-13T17:06:48", "description": "The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038782.NASL", "href": "https://www.tenable.com/plugins/nessus/103128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103128);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8704\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8711\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8731\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038782\");\n script_xref(name:\"MSFT\", value:\"MS17-4038782\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711,\n CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752,\n CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038782/windows-10-update-kb4038782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62a3aab5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-12T14:33:45", "description": "The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The update addresses the bypass by correcting how the Edge CSP validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038788.NASL", "href": "https://www.tenable.com/plugins/nessus/103130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103130);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8597\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8648\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8716\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8724\",\n \"CVE-2017-8728\",\n \"CVE-2017-8729\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8739\",\n \"CVE-2017-8740\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8751\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038788\");\n script_xref(name:\"MSFT\", value:\"MS17-4038788\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707, \n CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when\n Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content. To\n exploit the bypass, an attacker must trick a user into\n either loading a page containing malicious content or\n visiting a malicious website. The attacker could also\n inject the malicious page into either a compromised\n website or an advertisement network. The update\n addresses the bypass by correcting how the Edge CSP\n validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740,\n CVE-2017-8752, CVE-2017-8753, CVE-2017-8755,\n CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038788/windows-10-update-kb4038788\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb942e3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038788.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038788');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038788])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2022-08-24T11:05:23", "description": "None\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures [CVE-2017-8631](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8631>), [CVE-2017-8632](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8632>), and [CVE-2017-8742](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** If you already have Office 2016 for Mac installed and you don't want to receive Office for Mac 2011 updates, follow the steps in [Uninstall Office 2011 for Mac](<https://support.office.com/article/uninstall-office-2011-for-mac-4bfcd230-0ea1-4656-bf30-dbfa44d358fa>). \n \nIn addition to the application improvements that are mentioned in this article, Office for Mac 2011 is now available as a subscription offering. For more information, see [Office frequently asked questions.](<http://go.microsoft.com/fwlink/?linkid=270016>)\n\n## Improvements and fixes\n\nThis update fixes critical issues and also helps to improve security. This security update provides the latest fixes for Office for Mac 2011.\n\n**NOTE** Office 2011 will no longer be updated. Learn more [here](<https://support.office.com/en-us/article/How-do-I-upgrade-to-Office-2016-ee68f6cf-422f-464a-82ec-385f65391350>) about upgrading Office for Mac.\n\n## Deployment information\n\nFor deployment details for this security update, see the following article in the Microsoft Knowledge Base:Security update deployment information: September 12, 2017\n\n## How to obtain and install the update\n\n### Method 1: Microsoft AutoUpdate for Mac\n\nThis update is available from Microsoft AutoUpdate. AutoUpdate is provided together with Office. It automatically keeps Microsoft software up to date. To use AutoUpdate, start a Microsoft Office program, and then click **Check for Updates** on the **Help** menu.\n\n### Method 2: Microsoft Download Center\n\nYou can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the Microsoft Office for Mac 14.7.7 update package now](<http://download.microsoft.com/download/5/9/4/594DAFCA-9BA8-4264-88F6-220AC2BB967A/Office2011-1477Update_EN-US.dmg>)\n\n### Updated files\n\nFor a complete list of the files that this update adds or changes, double-click the update installer, and then click **Show Files** on the **File** menu.\n\n## More information\n\n### Prerequisites\n\nBefore you install the Office for Mac 2011 14.7.7 update, make sure that you have Office for Mac 2011 14.1.0 or a later version installed on your computer. Also, make sure that the computer is running Mac OS X 10.5.8 or a later version of the Mac OS X operating system. \n \nTo verify that the computer meets this prerequisite, click **About This Mac** on the Apple menu. \n \nTo verify that Office for Mac 2011 14.1.0 is installed on your computer, follow these steps:\n\n 1. On the **Go** menu, click **Applications**.\n 2. Open the Microsoft Office 2011 folder, and then start any Office application. (For example, start Microsoft Word.)\n 3. On the application menu, click **About _<**application**>_**.\n 4. In the **About _<**application**>_** dialog box, note the version number that is displayed. The version should be **14.1.0** or a later version.\n\n### Update replacement information\n\nThis security update replaces security update 3212224.\n\n### How to obtain help and support for this security update\n\nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office for Mac 2011 14.7.7: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8567", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8742"], "modified": "2017-09-12T07:00:00", "id": "KB3212225", "href": "https://support.microsoft.com/en-us/help/3212225", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:06:32", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for Microsoft Word Viewer 2003](<http://www.microsoft.com/en-us/download/details.aspx?id=7176>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011134>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011134 for the 32-bit version of Word Viewer](<http://www.microsoft.com/download/details.aspx?familyid=08cec781-2b87-44e9-bbf7-ca0579015b66>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 3203484](<http://support.microsoft.com/kb/3203484>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \noffice2003-kb4011134-fullfile-enu.exe| 75343BA6CF3FE0E3F4A03D9C2A5ACE69C47CFC2F| 70B3ADF002B5E17046BE7FFF8CC460FB1AB6E6D3CAC1E000C4FFF7E03F247976 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Word Viewer| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \n_3c144d0d917c41e981e59d9c18e43e88.40d5ce2532074296b6dd2138d9286013| 11.0.8443.0| 1,715,968| 24-Aug-2017| 20:21| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Word Viewer: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB4011134", "href": "https://support.microsoft.com/en-us/help/4011134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for Office 2010](<http://support.microsoft.com/kb/2687455>) installed on the computer.**Note** This security update does not apply on systems running Windows Vista, Windows Server 2008, or later versions of Windows.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213638>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213638 for the 32-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=eed7d070-3dc7-4e28-883f-fc6019711a90>)\n * [Download the security update KB3213638 for the 64-bit version of Office 2010](<http://www.microsoft.com/download/details.aspx?familyid=8edba895-537d-4be9-908b-d8626d021961>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2010-kb3213638-fullfile-x86-glb.exe| 99102DB40319F4BFCC8211863422EBF99B34E0F3| 105190E0182C4DD9B7FC0FEC61E8BA38C0A060DF176DE4EDD96F81354C474EF1 \nogl2010-kb3213638-fullfile-x64-glb.exe| 3786A8FB0E1E5884A055B4F5AB3E36B4D8FF81F1| C9C6DD21464D4755EFA089C6C753EEA4236AACA1FF2C71D31630C17F29B5BA18 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Office 2010| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \nFor all supported x64-based versions of Office 2010File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nogl.dll.x86| ogl.dll| 14.0.7188.5000| 1,601,760| 26-Aug-2017| 01:04 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2010: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213638", "href": "https://support.microsoft.com/en-us/help/3213638", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:35", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for the 2007 Microsoft Office Suite](<http://support.microsoft.com/kb/949585>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213641>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213641 for the 32-bit version of 2007 Microsoft Office Suite](<http://www.microsoft.com/download/details.aspx?familyid=1cb6ed3b-e7b0-48e0-8316-f65b173d44f9>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nogl2007-kb3213641-fullfile-x86-glb.exe| D13D019186B930C8A3E3072195597A4D9ACF53A7| BBCDAFCA1F8E970BBFAC8046BBFF5992728A58B9C730CE01D3D2135CB3316F54 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of 2007 Microsoft Office Suite| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nOgl.dll| 12.0.6776.5000| 1,591,008| 24-Aug-2017| 13:25| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for 2007 Microsoft Office Suite: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695"], "modified": "2017-09-12T07:00:00", "id": "KB3213641", "href": "https://support.microsoft.com/en-us/help/3213641", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:38", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>). \n \n**Note** To apply this security update, you must have the release version of Office Online Server installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213658>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213658 for the 64-bit version of Office Online Server](<http://www.microsoft.com/download/details.aspx?familyid=8b961b52-24b9-4ced-99fa-b8e19d397c9e>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nwacserver2016-kb3213658-fullfile-x64-glb.exe| 96C7A52525FBF81D7F11C05FEB3591A53A2B729F| BA25222B68EFB64D9B9B82B7C1537B4B672AF590D9A67445B9DD659B9784C79E \n \n### File information\n\nFor the list of files that cumulative update KB 3213658 contains, download the [file information for update 3213658](<http://download.microsoft.com/download/1/e/d/1edb809e-7541-48c1-8708-6a6abd52e9ae/File%20tables%20for%203213658.csv>).\n\n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on SharePoint: [SharePoint User Voice portal](<http://sharepoint.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Online Server: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8742", "CVE-2017-8743"], "modified": "2017-09-12T07:00:00", "id": "KB3213658", "href": "https://support.microsoft.com/en-us/help/3213658", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 Attendee (user level install) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025867 for the 32-bit version of Lync 2010 Attendee (user level install)](<http://www.microsoft.com/download/details.aspx?familyid=76de234f-ebf5-4294-b6e2-577d7dcf9e3d>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020734](<http://support.microsoft.com/kb/4020734>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nAttendeeUser.msp| 4B51BF482E3D4642E7F5E17EEC681DF3F9E26279| 7209C500965202DCA1ABE2CD952EE7B90AC97036C4E0BC1D83CA0B8A6A8607E7 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010 Attendee (user level install)| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAgcore.dll| 4.0.60831.0| 5,969,224| 18-Jul-2017| 16:14| x86 \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nCoreclr.dll| 4.0.60831.0| 3,525,448| 18-Jul-2017| 16:14| x86 \nFile_attendeecommunicator.exe.manifest| Not applicable| 1,193| 24-May-2013| 05:22| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxaoc| 4.0.7577.4540| 52,800| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginaoc.dll| 4.0.7577.4540| 91,224| 15-Aug-2017| 20:46| x86 \nMscorlib.dll| 4.0.60831.0| 1,595,216| 18-Jul-2017| 16:14| x86 \nMscorrc.dll| 4.0.60831.0| 10,056| 18-Jul-2017| 16:14| x86 \nNpctrl.dll| 4.0.60831.0| 1,025,864| 18-Jul-2017| 16:14| x86 \nNpctrlui.dll| 4.0.60831.0| 766,800| 18-Jul-2017| 16:14| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPrivacystatement.rtf| Not applicable| 47| 01-Apr-2011| 07:44| Not applicable \nProgramexe| 4.0.7577.4540| 12,008,520| 15-Aug-2017| 20:47| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSlmsprbootstrap.dll| 1.5.5000.0| 426,840| 18-Jul-2017| 16:14| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nSystem.core.dll| 4.0.60831.0| 542,544| 18-Jul-2017| 16:14| x86 \nSystem.dll| 4.0.60831.0| 239,432| 18-Jul-2017| 16:14| x86 \nSystem.net.dll| 4.0.60831.0| 231,248| 18-Jul-2017| 16:14| x86 \nSystem.runtime.serialization.dll| 4.0.60831.0| 419,704| 18-Jul-2017| 16:14| x86 \nSystem.servicemodel.dll| 4.0.60831.0| 526,176| 18-Jul-2017| 16:14| x86 \nSystem.servicemodel.web.dll| 4.0.60831.0| 79,720| 18-Jul-2017| 16:14| x86 \nSystem.windows.browser.dll| 8.0.60831.0| 149,352| 18-Jul-2017| 16:14| x86 \nSystem.windows.dll| 4.0.60831.0| 1,484,632| 18-Jul-2017| 16:14| x86 \nSystem.xml.dll| 4.0.60831.0| 325,456| 18-Jul-2017| 16:14| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010 Attendee (user level install): September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025867", "href": "https://support.microsoft.com/en-us/help/4025867", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Office Live Meeting 2007 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Live Meeting website\n\nTo get the stand-alone package for this update, go to the [Live Meeting](<https://support.office.com/en-us/article/Download-the-Conferencing-Add-in-for-Microsoft-Office-Outlook-60691b44-279d-4be6-a9b1-b78d9789bd4f?CorrelationId=062af222-c550-4850-a466-fa96487a6b74&ui=en-US&rs=en-US&ad=US>) website.\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020736](<http://support.microsoft.com/kb/4020736>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \n(X64) ConfAddins_Setup.exe| BC24079B5D51A2D094228777956851DB26830F9C| 71E2FE1D5E3899AE9F5729C5AC8BE31860FCCB6CC2E4A039F6C0B18051D2A065 \n(X86) ConfAddins_Setup.exe| 87ECC3CAE2C8A68796234A6FD161CCF1819DA98A| 23BCD9655B52FFD4087B0A4F870E6D5344D4BF0FC7EB34A4F1091E52503613E3 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Live Meeting Add-in| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nCatalog.8.0.50727.762.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nCatalog.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,281,112| 07-Sep-2017| 16:04| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 230,560| 07-Sep-2017| 16:21| Not applicable \nFile_da_dk_lm_intsat| 8.0.6362.281| 432,800| 07-Sep-2017| 16:21| Not applicable \nFile_da_dk_outhlp| Not applicable| 313,958| 12-Jul-2017| 18:33| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 245,408| 07-Sep-2017| 16:23| Not applicable \nFile_de_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 16:23| Not applicable \nFile_de_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 240,008| 24-Nov-2008| 23:30| Not applicable \nFile_de_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 63,368| 24-Nov-2008| 23:30| Not applicable \nFile_de_outhlp| Not applicable| 316,074| 12-Jul-2017| 18:33| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,976| 07-Sep-2017| 16:08| Not applicable \nFile_en_lmintsat| 8.0.6362.281| 433,312| 07-Sep-2017| 16:08| Not applicable \nFile_en_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_en_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_en_outhlp| Not applicable| 311,266| 12-Jul-2017| 18:35| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 242,848| 07-Sep-2017| 16:24| Not applicable \nFile_es_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 16:24| Not applicable \nFile_es_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 237,960| 24-Nov-2008| 23:30| Not applicable \nFile_es_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 63,880| 24-Nov-2008| 23:30| Not applicable \nFile_es_outhlp| Not applicable| 315,534| 12-Jul-2017| 18:33| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,120| 07-Sep-2017| 16:26| Not applicable \nFile_fi_fi_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 16:26| Not applicable \nFile_fi_fi_outhlp| Not applicable| 314,259| 12-Jul-2017| 18:33| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 246,944| 07-Sep-2017| 16:27| Not applicable \nFile_fr_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 16:27| Not applicable \nFile_fr_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 239,496| 24-Nov-2008| 23:30| Not applicable \nFile_fr_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 65,416| 24-Nov-2008| 23:30| Not applicable \nFile_fr_outhlp| Not applicable| 316,258| 12-Jul-2017| 18:33| Not applicable \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 241,312| 07-Sep-2017| 16:29| Not applicable \nFile_it_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 16:29| Not applicable \nFile_it_outhlp| Not applicable| 315,253| 12-Jul-2017| 18:33| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 198,816| 07-Sep-2017| 16:31| Not applicable \nFile_ja_lmintsat| 8.0.6362.281| 408,224| 07-Sep-2017| 16:31| Not applicable \nFile_ja_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_ja_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_ja_outhlp| Not applicable| 320,539| 12-Jul-2017| 18:33| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 196,768| 07-Sep-2017| 16:32| Not applicable \nFile_ko_lmintsat| 8.0.6362.281| 407,200| 07-Sep-2017| 16:32| Not applicable \nFile_ko_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_ko_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_ko_outhlp| Not applicable| 314,667| 12-Jul-2017| 18:33| Not applicable \nFile_lmaddins.dll| 8.0.6362.281| 1,736,352| 07-Sep-2017| 16:04| x86 \nFile_lmcapi.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 782,216| 24-Nov-2008| 23:30| Not applicable \nFile_lmpapi.dll.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 658,312| 24-Nov-2008| 23:30| Not applicable \nFile_lmpreferences.dll.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 768,904| 24-Nov-2008| 23:30| Not applicable \nFile_lmxp32.dll| 8.0.6362.281| 1,619,608| 07-Sep-2017| 16:04| x86 \nFile_meetnowprefs.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 500,616| 24-Nov-2008| 23:30| Not applicable \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,288| 07-Sep-2017| 16:34| Not applicable \nFile_nl_nl_lmintsat| 8.0.6362.281| 438,944| 07-Sep-2017| 16:34| Not applicable \nFile_nl_nl_outhlp| Not applicable| 314,015| 12-Jul-2017| 18:33| Not applicable \nFile_preferences.exe.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 494,984| 24-Nov-2008| 23:30| Not applicable \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,240| 07-Sep-2017| 16:36| Not applicable \nFile_pt_lmintsat| 8.0.6362.281| 437,408| 07-Sep-2017| 16:36| Not applicable \nFile_pt_outhlp| Not applicable| 315,299| 12-Jul-2017| 18:33| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 229,536| 07-Sep-2017| 16:38| Not applicable \nFile_sv_se_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 16:38| Not applicable \nFile_sv_se_outhlp| Not applicable| 313,479| 12-Jul-2017| 18:33| Not applicable \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,016| 07-Sep-2017| 16:39| Not applicable \nFile_zh_cn_lmintsat| 8.0.6362.281| 399,008| 07-Sep-2017| 16:39| Not applicable \nFile_zh_cn_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_zh_cn_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_zh_cn_outhlp| Not applicable| 314,900| 12-Jul-2017| 18:33| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,528| 07-Sep-2017| 16:41| Not applicable \nFile_zh_tw_lmintsat| 8.0.6362.281| 399,520| 07-Sep-2017| 16:41| Not applicable \nFile_zh_tw_lmintsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 235,400| 24-Nov-2008| 23:30| Not applicable \nFile_zh_tw_lmprefsat.69c1c19c_6c71_46fb_8c2f_ffe89c98225d| 7.0.4724.3| 56,200| 24-Nov-2008| 23:30| Not applicable \nFile_zh_tw_outhlp| Not applicable| 314,881| 12-Jul-2017| 18:33| Not applicable \nManifest.8.0.50727.762.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 800| 02-Dec-2006| 05:54| Not applicable \nManifest.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 1,869| 02-Dec-2006| 13:23| Not applicable \nMsvcm80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nMsvcp80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nMsvcr80.dll.8.0.50727.762.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcm80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcp80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nNosxs_msvcr80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nUl_catalog.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nUl_catalog.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nUl_manifest.63e949f6_03bc_5c40_ff1f_c8b3b9a1e18e| Not applicable| 800| 02-Dec-2006| 05:54| Not applicable \nUl_manifest.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| Not applicable| 1,869| 02-Dec-2006| 13:23| Not applicable \nUl_msvcm80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 479,232| 02-Dec-2006| 05:54| Not applicable \nUl_msvcp80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 548,864| 02-Dec-2006| 05:54| Not applicable \nUl_msvcr80.dll.98cb24ad_52fb_db5f_ff1f_c8b3b9a1e18e| 8.0.50727.762| 626,688| 02-Dec-2006| 05:54| Not applicable \nFor all supported x64-based versions of Live Meeting Add-inFile name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nCatalog.8.0.50727.762.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nCatalog.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,841,600| 06-Sep-2017| 09:38| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 223,744| 06-Sep-2017| 09:58| Not applicable \nFile_da_dk_lm_intsat| 8.0.6362.281| 432,800| 07-Sep-2017| 17:12| Not applicable \nFile_da_dk_outhlp| Not applicable| 313,958| 12-Jul-2017| 18:33| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,592| 06-Sep-2017| 09:58| Not applicable \nFile_de_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 17:14| Not applicable \nFile_de_outhlp| Not applicable| 316,074| 12-Jul-2017| 18:33| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 220,160| 06-Sep-2017| 09:28| Not applicable \nFile_en_lmintsat| 8.0.6362.281| 433,312| 07-Sep-2017| 17:04| Not applicable \nFile_en_outhlp| Not applicable| 311,266| 12-Jul-2017| 18:35| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 236,032| 06-Sep-2017| 09:58| Not applicable \nFile_es_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 17:15| Not applicable \nFile_es_outhlp| Not applicable| 315,534| 12-Jul-2017| 18:33| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,304| 06-Sep-2017| 09:59| Not applicable \nFile_fi_fi_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 17:16| Not applicable \nFile_fi_fi_outhlp| Not applicable| 314,259| 12-Jul-2017| 18:33| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,128| 06-Sep-2017| 09:59| Not applicable \nFile_fr_lmintsat| 8.0.6362.281| 444,064| 07-Sep-2017| 17:18| Not applicable \nFile_fr_outhlp| Not applicable| 316,258| 12-Jul-2017| 18:33| Not applicable \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 234,496| 06-Sep-2017| 09:59| Not applicable \nFile_it_lmintsat| 8.0.6362.281| 440,992| 07-Sep-2017| 17:19| Not applicable \nFile_it_outhlp| Not applicable| 315,253| 12-Jul-2017| 18:33| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 192,000| 06-Sep-2017| 10:00| Not applicable \nFile_ja_lmintsat| 8.0.6362.281| 408,224| 07-Sep-2017| 17:20| Not applicable \nFile_ja_outhlp| Not applicable| 320,539| 12-Jul-2017| 18:33| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 189,952| 06-Sep-2017| 10:00| Not applicable \nFile_ko_lmintsat| 8.0.6362.281| 407,200| 07-Sep-2017| 17:22| Not applicable \nFile_ko_outhlp| Not applicable| 314,667| 12-Jul-2017| 18:33| Not applicable \nFile_lmaddins.dll| 8.0.6362.281| 2,110,112| 07-Sep-2017| 17:03| x64 \nFile_lmxp32.dll| 8.0.6362.281| 1,982,616| 07-Sep-2017| 17:03| x64 \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,472| 06-Sep-2017| 10:00| Not applicable \nFile_nl_nl_lmintsat| 8.0.6362.281| 438,944| 07-Sep-2017| 17:23| Not applicable \nFile_nl_nl_outhlp| Not applicable| 314,015| 12-Jul-2017| 18:33| Not applicable \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 231,424| 06-Sep-2017| 10:00| Not applicable \nFile_pt_lmintsat| 8.0.6362.281| 437,408| 07-Sep-2017| 17:25| Not applicable \nFile_pt_outhlp| Not applicable| 315,299| 12-Jul-2017| 18:33| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 222,720| 06-Sep-2017| 10:01| Not applicable \nFile_sv_se_lmintsat| 8.0.6362.281| 432,288| 07-Sep-2017| 17:26| Not applicable \nFile_sv_se_outhlp| Not applicable| 313,479| 12-Jul-2017| 18:33| Not applicable \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 5,219,328| 06-Sep-2017| 09:38| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 179,200| 06-Sep-2017| 10:01| Not applicable \nFile_zh_cn_lmintsat| 8.0.6362.281| 399,008| 07-Sep-2017| 17:28| Not applicable \nFile_zh_cn_outhlp| Not applicable| 314,900| 12-Jul-2017| 18:33| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 179,712| 06-Sep-2017| 10:01| Not applicable \nFile_zh_tw_lmintsat| 8.0.6362.281| 399,520| 07-Sep-2017| 17:29| Not applicable \nFile_zh_tw_outhlp| Not applicable| 314,881| 12-Jul-2017| 18:33| Not applicable \nManifest.8.0.50727.762.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 804| 02-Dec-2006| 05:39| Not applicable \nManifest.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 1,871| 02-Dec-2006| 09:14| Not applicable \nMsvcm80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 516,096| 02-Dec-2006| 05:37| Not applicable \nMsvcp80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 1,061,376| 02-Dec-2006| 05:39| Not applicable \nMsvcr80.dll.8.0.50727.762.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 796,672| 02-Dec-2006| 05:36| Not applicable \nUl_catalog.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 8,355| 02-Dec-2006| 13:25| Not applicable \nUl_catalog.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 8,335| 02-Dec-2006| 13:25| Not applicable \nUl_manifest.4f6d20f0_cce5_1492_ff1f_c8b3b9a1e18e| Not applicable| 804| 02-Dec-2006| 05:39| Not applicable \nUl_manifest.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| Not applicable| 1,871| 02-Dec-2006| 09:14| Not applicable \nUl_msvcm80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 516,096| 02-Dec-2006| 05:37| Not applicable \nUl_msvcp80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 1,061,376| 02-Dec-2006| 05:39| Not applicable \nUl_msvcr80.dll.844efba7_1c24_93b2_ff1f_c8b3b9a1e18e| 8.0.50727.762| 796,672| 02-Dec-2006| 05:36| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Live Meeting Add-in: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025869", "href": "https://support.microsoft.com/en-us/help/4025869", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:21", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4025865>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025865 for the 32-bit version of Lync 2010](<http://www.microsoft.com/download/details.aspx?familyid=f145b833-309f-49c6-b664-4155a216150d>)\n * [Download the security update KB4025865 for the 64-bit version of Lync 2010](<http://www.microsoft.com/download/details.aspx?familyid=31ce5e7d-19cf-4838-9c30-791f4cdff4ce>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020732](<http://support.microsoft.com/kb/4020732>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \n(X64) Lync.msp| E5482FB57932ED642B0D4EDF745A8D741D639675| 2AA0B6380D65529FE3DFFF61B6E96375326C761013C7DDC0416EB2D004B5422A \n(x86) Lync.msp| 46C2AB221B859F4EE5C183307EF37EDBE46E80E3| F16D716E7E84963898AAD108B35913B73EA9AC73D26784CE4DBA3243653ABDDC \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nAutohelper| 4.0.7577.253| 38,672| 31-Mar-2011| 08:45| Not applicable \nCommunicatorexe| 4.0.7577.4540| 12,120,104| 15-Aug-2017| 20:48| x86 \nCrecplayerresexe| 4.0.7577.4403| 600,224| 20-Jul-2013| 01:04| x86 \nFile_communicator.exe.manifest| Not applicable| 1,185| 23-Mar-2013| 03:08| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxoc| 4.0.7577.4540| 52,784| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginoc.dll| 4.0.7577.4540| 33,336| 15-Aug-2017| 20:46| x86 \nFile_ucaddin.dll| 4.0.7577.4445| 910,632| 14-Apr-2014| 21:09| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcpubmgrexe| 4.0.7577.4403| 2,371,744| 20-Jul-2013| 01:05| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPlayback_annotationcontrols_dll| 4.0.7577.4087| 340,840| 25-Mar-2012| 02:42| x86 \nPlayback_annotationtextmerge_dll| 4.0.7577.4087| 172,840| 25-Mar-2012| 02:42| x86 \nPlayback_coreplaybackengine_dll| 4.0.7577.4087| 1,358,632| 25-Mar-2012| 02:40| x86 \nPlayback_logging_dll| 4.0.7577.4087| 167,768| 25-Mar-2012| 02:42| x86 \nPlayback_oc3playbackapplication_dll| 4.0.7577.4087| 163,632| 25-Mar-2012| 02:42| x86 \nPlayback_uc_ui_utilities_dll| 4.0.7577.4087| 166,232| 25-Mar-2012| 02:42| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nUcmapiexe| 4.0.7577.4409| 648,344| 25-Sep-2013| 20:01| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \nFor all supported x64-based versions of Lync 2010File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nAutohelper| 4.0.7577.253| 38,672| 31-Mar-2011| 08:45| Not applicable \nCommunicatorexe| 4.0.7577.4540| 12,120,104| 15-Aug-2017| 20:48| x86 \nCrecplayerresexe| 4.0.7577.4403| 600,224| 20-Jul-2013| 01:04| x86 \nFile_communicator.exe.manifest| Not applicable| 1,185| 23-Mar-2013| 03:08| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxoc| 4.0.7577.4540| 52,784| 15-Aug-2017| 20:46| Not applicable \nFile_meetingjoinaxoc64| 4.0.7577.4540| 295,472| 15-Aug-2017| 23:34| Not applicable \nFile_npmeetingjoinpluginoc.dll| 4.0.7577.4540| 33,336| 15-Aug-2017| 20:46| x86 \nFile_ucaddin.dll| 4.0.7577.4445| 910,632| 14-Apr-2014| 21:09| x86 \nFile_x64_ucaddin.dll| 4.0.7577.4445| 1,514,288| 14-Apr-2014| 22:16| x64 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcpubmgrexe| 4.0.7577.4403| 2,371,744| 20-Jul-2013| 01:05| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPlayback_annotationcontrols_dll| 4.0.7577.4087| 340,840| 25-Mar-2012| 02:42| x86 \nPlayback_annotationtextmerge_dll| 4.0.7577.4087| 172,840| 25-Mar-2012| 02:42| x86 \nPlayback_coreplaybackengine_dll| 4.0.7577.4087| 1,358,632| 25-Mar-2012| 02:40| x86 \nPlayback_logging_dll| 4.0.7577.4087| 167,768| 25-Mar-2012| 02:42| x86 \nPlayback_oc3playbackapplication_dll| 4.0.7577.4087| 163,632| 25-Mar-2012| 02:42| x86 \nPlayback_uc_ui_utilities_dll| 4.0.7577.4087| 166,232| 25-Mar-2012| 02:42| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nUcmapi64exe| 4.0.7577.4409| 2,458,264| 25-Sep-2013| 21:08| x64 \nUcmapiexe| 4.0.7577.4409| 648,344| 25-Sep-2013| 20:01| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025865", "href": "https://support.microsoft.com/en-us/help/4025865", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:23", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Lync 2010 Attendee (admin level install) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4025866>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4025866 for the 32-bit version of Lync 2010 Attendee (admin level install)](<http://www.microsoft.com/download/details.aspx?familyid=8e4ef5f4-f86d-4a70-b315-53d5eb596e1c>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020733](<http://support.microsoft.com/kb/4020733>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nAttendeeAdmin.msp| 2369D80D25E37EB9C32ACFDD975742EB363A7B6F| 38C29A32042A054FE94441CC81BD9DC620905DAC77C4CF8F027D4C19F42431C3 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Lync 2010 Attendee (admin level install)| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nAppshapi.dll| 4.0.7577.4409| 1,141,920| 25-Sep-2013| 20:01| x86 \nAppshcom.dll| 4.0.7577.4409| 282,272| 25-Sep-2013| 20:01| x86 \nAppshvw.dll| 4.0.7577.4388| 1,896,600| 11-Apr-2013| 21:27| x86 \nFile_attendeecommunicator.exe.manifest| Not applicable| 1,193| 24-May-2013| 05:22| Not applicable \nFile_cures.dll| 4.0.7577.4456| 686,376| 28-Oct-2014| 01:35| x86 \nFile_meetingjoinaxaoc| 4.0.7577.4540| 52,800| 15-Aug-2017| 20:46| Not applicable \nFile_npmeetingjoinpluginaoc.dll| 4.0.7577.4540| 33,360| 15-Aug-2017| 20:46| x86 \nOcpptview.dll| 4.0.7577.4540| 2,073,120| 15-Aug-2017| 20:46| x86 \nOcrecdll| 4.0.7577.4403| 791,704| 20-Jul-2013| 01:05| x86 \nOgl.dll| 4.0.7577.4540| 1,712,152| 15-Aug-2017| 20:46| x86 \nPrivacystatement.rtf| Not applicable| 47| 01-Apr-2011| 07:44| Not applicable \nProgramexe| 4.0.7577.4540| 12,008,520| 15-Aug-2017| 20:47| x86 \nPsomdll| 4.0.7577.4504| 783,896| 14-Jun-2016| 07:34| x86 \nRtmpltfm_dll| 4.0.7577.4540| 6,418,448| 15-Aug-2017| 20:46| x86 \nSaext.dll| 4.0.7577.253| 319,752| 31-Mar-2011| 08:43| x86 \nSqmapidll| 6.0.6000.16386| 141,064| 10-Feb-2011| 11:28| x86 \nUccp_dll| 4.0.7577.4456| 5,958,952| 28-Oct-2014| 01:38| x86 \nUcdll| 4.0.7577.4484| 13,333,792| 25-Oct-2015| 07:15| x86 \nXceedzip.dll| 6.5.10316.0| 634,560| 16-May-2012| 18:39| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Lync 2010 Attendee (admin level install): September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025866", "href": "https://support.microsoft.com/en-us/help/4025866", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:10:24", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) \n \n**Note** To apply this security update, you must have the release version of Office Live Meeting 2007 installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Live Meeting website\n\nTo get the stand-alone package for this update, go to the [Live Meeting](<https://support.office.com/en-us/article/Download-the-Microsoft-Office-Live-Meeting-Console-8a432d04-45ac-4762-8e7f-e715dcd0f167?CorrelationId=57e0bf9f-836c-4a73-95b3-461ec149c610&ui=en-US&rs=en-US&ad=US>) website.\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB 4020735](<http://support.microsoft.com/kb/4020735>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nLMSetup.exe| 518F47F145EEBB141915272103CB9DBF8AABB99A| 48D38A53A7096592CC71C104821BC05491F4DBEFF8F15A24C05B34935421024A \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Live Meeting Console| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nArrow.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,058| 12-Jul-2017| 18:39| Not applicable \nBottom_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nBottom_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 635| 12-Jul-2017| 18:39| Not applicable \nBottom_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 635| 12-Jul-2017| 18:39| Not applicable \nBrandarc.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,942| 12-Jul-2017| 18:39| Not applicable \nButton_click_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_click_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_click_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_hover_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_hover_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_hover_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nButton_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nButton_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nCc_background.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,778| 12-Jul-2017| 18:39| Not applicable \nCc_default_image.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,817| 12-Jul-2017| 18:39| Not applicable \nCheck.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 4,394| 12-Jul-2017| 18:39| Not applicable \nDialogue_selected.gi.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 216| 12-Jul-2017| 18:39| Not applicable \nDownload_animation.g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 2,991| 12-Jul-2017| 18:39| Not applicable \nDownload_pg_separato.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,177| 12-Jul-2017| 18:39| Not applicable \nDropdown_arrow.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 46| 12-Jul-2017| 18:39| Not applicable \nDummy.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,664| 12-Jul-2017| 18:39| Not applicable \nDummy_slide_corner_g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,728| 12-Jul-2017| 18:39| Not applicable \nDummy_thumbnail.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,207| 12-Jul-2017| 18:39| Not applicable \nFile_anno.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,975| 12-Jul-2017| 18:39| Not applicable \nFile_anno.svg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 660| 12-Jul-2017| 18:39| Not applicable \nFile_appshare.dll| 8.0.6362.264| 1,447,424| 06-Sep-2017| 07:51| x86 \nFile_asrecprofile.prx| Not applicable| 3,830| 12-Jul-2017| 18:39| Not applicable \nFile_bgpubmgr.exe| 8.0.6362.281| 240,800| 07-Sep-2017| 16:04| x86 \nFile_bgpubres_da_dk.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:21| x86 \nFile_bgpubres_de_de.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:23| x86 \nFile_bgpubres_en_us.dll| 8.0.6362.281| 29,344| 07-Sep-2017| 16:08| x86 \nFile_bgpubres_es_es.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:24| x86 \nFile_bgpubres_fi_fi.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:26| x86 \nFile_bgpubres_fr_fr.dll| 8.0.6362.281| 31,392| 07-Sep-2017| 16:27| x86 \nFile_bgpubres_it_it.dll| 8.0.6362.281| 30,880| 07-Sep-2017| 16:29| x86 \nFile_bgpubres_ja_jp.dll| 8.0.6362.281| 25,760| 07-Sep-2017| 16:31| x86 \nFile_bgpubres_ko_kr.dll| 8.0.6362.281| 25,760| 07-Sep-2017| 16:32| x86 \nFile_bgpubres_nl_nl.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:34| x86 \nFile_bgpubres_pt_br.dll| 8.0.6362.281| 30,368| 07-Sep-2017| 16:36| x86 \nFile_bgpubres_sv_se.dll| 8.0.6362.281| 29,856| 07-Sep-2017| 16:38| x86 \nFile_bgpubres_zh_cn.dll| 8.0.6362.281| 23,712| 07-Sep-2017| 16:39| x86 \nFile_bgpubres_zh_tw.dll| 8.0.6362.281| 23,712| 07-Sep-2017| 16:41| x86 \nFile_blank.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 442| 12-Jul-2017| 18:39| Not applicable \nFile_blank.jpg.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 631| 12-Jul-2017| 18:39| Not applicable \nFile_blank.swf.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,440| 12-Jul-2017| 18:39| Not applicable \nFile_blank.wmv.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 9,389| 12-Jul-2017| 18:39| Not applicable \nFile_blankwithcss.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 238| 12-Jul-2017| 18:39| Not applicable \nFile_clipwidget.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 692| 12-Jul-2017| 18:39| Not applicable \nFile_close.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 78| 12-Jul-2017| 18:39| Not applicable \nFile_collabhook.dll| 8.0.6362.264| 97,792| 06-Sep-2017| 07:51| x86 \nFile_collaborate.dll| 8.0.6362.264| 1,304,576| 06-Sep-2017| 07:51| x86 \nFile_confapi.dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 2,281,112| 07-Sep-2017| 16:04| Not applicable \nFile_da_dk_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 230,560| 07-Sep-2017| 16:21| Not applicable \nFile_default.css.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,787| 12-Jul-2017| 18:39| Not applicable \nFile_default.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 10,797| 12-Jul-2017| 18:39| Not applicable \nFile_de_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 245,408| 07-Sep-2017| 16:23| Not applicable \nFile_en_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 226,976| 07-Sep-2017| 16:08| Not applicable \nFile_es_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 242,848| 07-Sep-2017| 16:24| Not applicable \nFile_fi_fi_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 233,120| 07-Sep-2017| 16:26| Not applicable \nFile_fr_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 246,944| 07-Sep-2017| 16:27| Not applicable \nFile_gdiplus.dll| 5.2.3790.4377| 1,742,808| 12-Jul-2017| 18:29| x86 \nFile_importutil.dll| 8.0.6362.281| 367,264| 07-Sep-2017| 16:04| x86 \nFile_intldate.dll| 12.0.6413.1000| 79,224| 12-Jul-2017| 18:43| x86 \nFile_it_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 241,312| 07-Sep-2017| 16:29| Not applicable \nFile_ja_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 198,816| 07-Sep-2017| 16:31| Not applicable \nFile_ko_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 196,768| 07-Sep-2017| 16:32| Not applicable \nFile_lm8_product_icon.png| Not applicable| 765| 12-Jul-2017| 18:38| Not applicable \nFile_lm8_product_icon_large.png| Not applicable| 1,944| 12-Jul-2017| 18:38| Not applicable \nFile_lmasrecord.dll| 8.0.6362.281| 300,704| 07-Sep-2017| 16:04| x86 \nFile_lmclientrecord.dll| 8.0.6362.281| 286,376| 07-Sep-2017| 16:04| x86 \nFile_lmdicore.dll| 0.3.5611.0| 1,234,080| 07-Sep-2017| 16:04| x86 \nFile_lmdigraph.dll| 0.3.5611.0| 984,224| 07-Sep-2017| 16:04| x86 \nFile_lmdimon.dll| 0.3.5611.0| 82,592| 07-Sep-2017| 16:04| x86 \nFile_lmdippr.dll| 0.3.5611.0| 82,080| 07-Sep-2017| 16:04| x86 \nFile_lmdires_da_dk.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:21| x86 \nFile_lmdires_de_de.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:23| x86 \nFile_lmdires_en_us.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:08| x86 \nFile_lmdires_es_es.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:24| x86 \nFile_lmdires_fi_fi.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:26| x86 \nFile_lmdires_fr_fr.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:27| x86 \nFile_lmdires_it_it.dll| 0.3.5611.0| 60,568| 07-Sep-2017| 16:29| x86 \nFile_lmdires_ja_jp.dll| 0.3.5611.0| 59,544| 07-Sep-2017| 16:31| x86 \nFile_lmdires_ko_kr.dll| 0.3.5611.0| 59,544| 07-Sep-2017| 16:32| x86 \nFile_lmdires_nl_nl.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:34| x86 \nFile_lmdires_pt_br.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:36| x86 \nFile_lmdires_sv_se.dll| 0.3.5611.0| 60,056| 07-Sep-2017| 16:38| x86 \nFile_lmdires_zh_cn.dll| 0.3.5611.0| 59,032| 07-Sep-2017| 16:39| x86 \nFile_lmdires_zh_tw.dll| 0.3.5611.0| 59,032| 07-Sep-2017| 16:41| x86 \nFile_lmdiui.dll| 0.3.5611.0| 159,896| 07-Sep-2017| 16:04| x86 \nFile_lmdiview.dll| 8.0.5611.0| 699,040| 07-Sep-2017| 16:04| x86 \nFile_lmpptview.dll| 8.0.6825.4| 2,045,088| 07-Sep-2017| 16:04| x86 \nFile_microsoft.vc80.crt.manifest| Not applicable| 1,869| 12-Jul-2017| 18:29| Not applicable \nFile_mmcrenderer.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 662| 12-Jul-2017| 18:39| Not applicable \nFile_msptls.dll| 12.0.6421.1000| 756,032| 12-Jul-2017| 18:43| x86 \nFile_msvcp80.dll| 8.0.50727.762| 548,864| 06-Sep-2017| 07:41| x86 \nFile_msvcr80.dll| 8.0.50727.762| 626,688| 06-Sep-2017| 07:41| x86 \nFile_nl_nl_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 240,288| 07-Sep-2017| 16:34| Not applicable \nFile_ogl.dll| 12.0.6776.5000| 1,591,008| 06-Sep-2017| 07:41| x86 \nFile_playback.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 6,750| 12-Jul-2017| 18:39| Not applicable \nFile_playback.js.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 738,064| 06-Sep-2017| 07:51| Not applicable \nFile_ppvwintl.dll| 8.0.6825.4| 337,568| 07-Sep-2017| 16:04| x86 \nFile_pt_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 238,240| 07-Sep-2017| 16:36| Not applicable \nFile_pubutil.dll| 8.0.6362.281| 754,328| 07-Sep-2017| 16:04| x86 \nFile_pwconsole.exe| 8.0.6362.281| 6,326,944| 07-Sep-2017| 16:04| x86 \nFile_pwresources_da_dk.dll| 8.0.6362.281| 259,232| 07-Sep-2017| 16:21| x86 \nFile_pwresources_de_de.dll| 8.0.6362.281| 285,856| 07-Sep-2017| 16:23| x86 \nFile_pwresources_en_us.dll| 8.0.6362.281| 250,528| 07-Sep-2017| 16:08| x86 \nFile_pwresources_es_es.dll| 8.0.6362.281| 276,128| 07-Sep-2017| 16:24| x86 \nFile_pwresources_fi_fi.dll| 8.0.6362.281| 261,792| 07-Sep-2017| 16:26| x86 \nFile_pwresources_fr_fr.dll| 8.0.6362.281| 287,392| 07-Sep-2017| 16:27| x86 \nFile_pwresources_it_it.dll| 8.0.6362.281| 277,664| 07-Sep-2017| 16:29| x86 \nFile_pwresources_ja_jp.dll| 8.0.6362.281| 187,552| 07-Sep-2017| 16:31| x86 \nFile_pwresources_ko_kr.dll| 8.0.6362.281| 181,920| 07-Sep-2017| 16:32| x86 \nFile_pwresources_nl_nl.dll| 8.0.6362.281| 275,104| 07-Sep-2017| 16:34| x86 \nFile_pwresources_pt_br.dll| 8.0.6362.281| 271,008| 07-Sep-2017| 16:36| x86 \nFile_pwresources_sv_se.dll| 8.0.6362.281| 255,136| 07-Sep-2017| 16:38| x86 \nFile_pwresources_zh_cn.dll| 8.0.6362.281| 155,808| 07-Sep-2017| 16:39| x86 \nFile_pwresources_zh_tw.dll| 8.0.6362.281| 157,344| 07-Sep-2017| 16:41| x86 \nFile_res_da_dk.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,965| 12-Jul-2017| 18:34| Not applicable \nFile_res_de_de.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,830| 12-Jul-2017| 18:34| Not applicable \nFile_res_en_us.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,487| 12-Jul-2017| 18:39| Not applicable \nFile_res_es_es.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,535| 12-Jul-2017| 18:34| Not applicable \nFile_res_fi_fi.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,011| 12-Jul-2017| 18:34| Not applicable \nFile_res_fr_fr.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,819| 12-Jul-2017| 18:34| Not applicable \nFile_res_it_it.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,527| 12-Jul-2017| 18:34| Not applicable \nFile_res_ja_jp.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 21,074| 12-Jul-2017| 18:34| Not applicable \nFile_res_ko_kr.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,908| 12-Jul-2017| 18:34| Not applicable \nFile_res_nl_nl.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,202| 12-Jul-2017| 18:34| Not applicable \nFile_res_pt_br.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 19,222| 12-Jul-2017| 18:34| Not applicable \nFile_res_sv_se.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,920| 12-Jul-2017| 18:34| Not applicable \nFile_res_zh_cn.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,176| 12-Jul-2017| 18:34| Not applicable \nFile_res_zh_tw.xml.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 18,215| 12-Jul-2017| 18:34| Not applicable \nFile_rtcrouter.dll| 8.0.6362.281| 287,392| 07-Sep-2017| 16:04| x86 \nFile_rtyuv.dll| 1.0.3656.0| 30,872| 07-Sep-2017| 16:04| x86 \nFile_saext.dll| 12.0.4518.1014| 291,128| 12-Jul-2017| 18:43| x86 \nFile_scdec.dll| 8.0.6362.281| 151,704| 07-Sep-2017| 16:04| x86 \nFile_start.htm.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 6,398| 12-Jul-2017| 18:39| Not applicable \nFile_sv_se_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 229,536| 07-Sep-2017| 16:38| Not applicable \nFile_transcoderprofile.prx| Not applicable| 7,202| 12-Jul-2017| 18:39| Not applicable \nFile_uccpres_da_dk.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:21| x86 \nFile_uccpres_de_de.dll| 2.0.6362.281| 640,152| 07-Sep-2017| 16:23| x86 \nFile_uccpres_en_us.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:08| x86 \nFile_uccpres_es_es.dll| 2.0.6362.281| 639,128| 07-Sep-2017| 16:24| x86 \nFile_uccpres_fi_fi.dll| 2.0.6362.281| 637,592| 07-Sep-2017| 16:26| x86 \nFile_uccpres_fr_fr.dll| 2.0.6362.281| 640,152| 07-Sep-2017| 16:27| x86 \nFile_uccpres_it_it.dll| 2.0.6362.281| 639,640| 07-Sep-2017| 16:29| x86 \nFile_uccpres_ja_jp.dll| 2.0.6362.281| 630,424| 07-Sep-2017| 16:31| x86 \nFile_uccpres_ko_kr.dll| 2.0.6362.281| 630,424| 07-Sep-2017| 16:32| x86 \nFile_uccpres_nl_nl.dll| 2.0.6362.281| 638,616| 07-Sep-2017| 16:34| x86 \nFile_uccpres_pt_br.dll| 2.0.6362.281| 638,616| 07-Sep-2017| 16:36| x86 \nFile_uccpres_sv_se.dll| 2.0.6362.281| 637,080| 07-Sep-2017| 16:38| x86 \nFile_uccpres_zh_cn.dll| 2.0.6362.281| 627,864| 07-Sep-2017| 16:39| x86 \nFile_uccpres_zh_tw.dll| 2.0.6362.281| 627,864| 07-Sep-2017| 16:41| x86 \nFile_uccp_dll.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| Not applicable \nFile_wvc1.wmv.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 11,066| 12-Jul-2017| 18:39| Not applicable \nFile_zh_cn_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,016| 07-Sep-2017| 16:39| Not applicable \nFile_zh_tw_confapisat.0cdc580d_0fec_49d7_9b5a_08cae1fa7d3d| 8.0.6362.281| 186,528| 07-Sep-2017| 16:41| Not applicable \nFrame_header.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 96| 12-Jul-2017| 18:39| Not applicable \nFrame_top_shadow.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 93| 12-Jul-2017| 18:39| Not applicable \nHeader_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 269| 12-Jul-2017| 18:39| Not applicable \nHeader_lmlogo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 4,725| 12-Jul-2017| 18:39| Not applicable \nIndex_minus.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 177| 12-Jul-2017| 18:39| Not applicable \nIndex_playing.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 152| 12-Jul-2017| 18:39| Not applicable \nIndex_plus.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 179| 12-Jul-2017| 18:39| Not applicable \nIndex_selected_name..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 147| 12-Jul-2017| 18:39| Not applicable \nIndex_selected_time..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 147| 12-Jul-2017| 18:39| Not applicable \nInformation.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,557| 12-Jul-2017| 18:39| Not applicable \nMenu_button_view.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,172| 12-Jul-2017| 18:39| Not applicable \nMenu_left_back.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 226| 12-Jul-2017| 18:39| Not applicable \nMuted_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,149| 12-Jul-2017| 18:39| Not applicable \nMuted_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,151| 12-Jul-2017| 18:39| Not applicable \nMuted_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nMuted_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,151| 12-Jul-2017| 18:39| Not applicable \nNext_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,154| 12-Jul-2017| 18:39| Not applicable \nNext_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,155| 12-Jul-2017| 18:39| Not applicable \nPaused_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPaused_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 744| 12-Jul-2017| 18:39| Not applicable \nPlay_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,164| 12-Jul-2017| 18:39| Not applicable \nPlay_back_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 570| 12-Jul-2017| 18:39| Not applicable \nPlay_back_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 150| 12-Jul-2017| 18:39| Not applicable \nPlay_back_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 586| 12-Jul-2017| 18:39| Not applicable \nPlay_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,166| 12-Jul-2017| 18:39| Not applicable \nPlay_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,166| 12-Jul-2017| 18:39| Not applicable \nPlay_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,165| 12-Jul-2017| 18:39| Not applicable \nPlay_sep.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 269| 12-Jul-2017| 18:39| Not applicable \nPrev_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,156| 12-Jul-2017| 18:39| Not applicable \nPrev_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,157| 12-Jul-2017| 18:39| Not applicable \nPrev_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,157| 12-Jul-2017| 18:39| Not applicable \nPrev_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,159| 12-Jul-2017| 18:39| Not applicable \nProgress_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 64| 12-Jul-2017| 18:39| Not applicable \nProgress_green.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 64| 12-Jul-2017| 18:39| Not applicable \nProgress_thumb.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 308| 12-Jul-2017| 18:39| Not applicable \nProgress_thumb_tail..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 601| 12-Jul-2017| 18:39| Not applicable \nRtmpltfm_dll| 3.0.6362.281| 5,449,888| 07-Sep-2017| 16:04| x86 \nStart_pg_background..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,245| 12-Jul-2017| 18:39| Not applicable \nStart_pg_lmlogo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 3,804| 12-Jul-2017| 18:39| Not applicable \nStart_pg_logo.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 16,064| 12-Jul-2017| 18:39| Not applicable \nStop_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 700| 12-Jul-2017| 18:39| Not applicable \nStop_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 697| 12-Jul-2017| 18:39| Not applicable \nStop_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 705| 12-Jul-2017| 18:39| Not applicable \nStop_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 705| 12-Jul-2017| 18:39| Not applicable \nTab_back.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 45| 12-Jul-2017| 18:39| Not applicable \nTab_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 94| 12-Jul-2017| 18:39| Not applicable \nTab_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 52| 12-Jul-2017| 18:39| Not applicable \nTab_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 93| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_left.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 168| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_middle.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 52| 12-Jul-2017| 18:39| Not applicable \nTab_unfocused_right.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 76| 12-Jul-2017| 18:39| Not applicable \nThumbnail_selection..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 530| 12-Jul-2017| 18:39| Not applicable \nUccp_dll| 2.0.6362.281| 3,320,984| 07-Sep-2017| 16:04| x86 \nUnmuted_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,160| 12-Jul-2017| 18:39| Not applicable \nUnmuted_click.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,161| 12-Jul-2017| 18:39| Not applicable \nUnmuted_hover.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,162| 12-Jul-2017| 18:39| Not applicable \nUnmuted_inactive.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 1,161| 12-Jul-2017| 18:39| Not applicable \nVol_slider_active.gi.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 311| 12-Jul-2017| 18:39| Not applicable \nVol_slider_hoverclic.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 310| 12-Jul-2017| 18:39| Not applicable \nVol_slider_inactive..3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 309| 12-Jul-2017| 18:39| Not applicable \nVol_track_active.gif.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 131| 12-Jul-2017| 18:39| Not applicable \nVol_track_inactive.g.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 131| 12-Jul-2017| 18:39| Not applicable \nX.png.3400cf91_ea7e_4dad_bbf5_5137a577c60f| Not applicable| 5,163| 12-Jul-2017| 18:39| Not applicable \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Live Meeting Console: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4025868", "href": "https://support.microsoft.com/en-us/help/4025868", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:53", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>), [Microsoft Common Vulnerabilities and Exposures CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>). \n \n**Note** To apply this security update, you must have the release version of Skype for Business 2016 installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issues: \n\n\n * Makes sure that announce events for toasts do not use MenuOpened in Skype for Business 2016\n * Skype for Business 2016 does not display the title or department in the search results when the title field is empty in AD\n * Sign-in delay in Skype for Business 2016 when the client uses a direct connection\n * Unread messages in persistent chat rooms are marked as read when you click the IM conversation tabs in Skype for Business 2016\n * Security issues when trying to connect to the \u201cskypeforbusiness.us\u201d domain in Skype for Business 2016\n\n## Known issues\n\nAfter you install this update, Skype for Business 2016 may crash when you click an incoming IM or call toast by using a screen reader. To fix this issue, install either of the following updates:\n\n * August 1, 2017, update for Office 2016 (KB3203472)\n * September 5, 2017, update for Office 2016 (KB4011099)\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011040>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011040 for the 32-bit version of Skype for Business 2016](<http://www.microsoft.com/download/details.aspx?familyid=f9b16fc9-d311-4e89-b8ca-1c8885488b06>)\n * [Download the security update KB4011040 for the 64-bit version of Skype for Business 2016](<http://www.microsoft.com/download/details.aspx?familyid=71a1182f-d498-45ca-a827-6aa17147f22d>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### Prerequisites\n\nTo apply this security update, you must have either of the following updates installed: [3203472](<https://support.microsoft.com/help/3203472>) August 1, 2017, update for Office 2016 (KB3203472)[4011099](<https://support.microsoft.com/help/4011099>) September 5, 2017, update for Office 2016 (KB4011099)\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nlync2016-kb4011040-fullfile-x64-glb.exe| 32C0712A18F2C2868889C0C58A0BC984423788F2| DB9C94BEBF2761B9D4B368643AE73EEDBA8A1323D1788C1B93C8A290EC0D6132 \nlync2016-kb4011040-fullfile-x86-glb.exe| 0A13C3DDD0778EB368318A0D871EEF8C287E9924| EB1CD31DF6A93DE77F1E97EC901019D91241E711CB2480B40D5A34C2280D8B75 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Skype for Business 2016| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nlync.lyncdesktopresour.dll.x86.1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| | \nlync.lyncdesktopresour.dll_1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1025| ocapires.dll| 16.0.4483.1000| 72400| | \nlync.ocapires.dll_1025| ocapires.dll| 16.0.4483.1000| 72400| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1025| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1025| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1026| ocapires.dll| 16.0.4483.1000| 73408| | \nlync.ocapires.dll_1026| ocapires.dll| 16.0.4483.1000| 73408| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1026| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_1026| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1026| uccapires.dll| 16.0.4522.1000| 1295040| | \nlync.uccapires.dll_1026| uccapires.dll| 16.0.4522.1000| 1295040| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| | \nlync.lyncdesktopresour.dll_1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1029| ocapires.dll| 16.0.4483.1000| 79040| | \nlync.ocapires.dll_1029| ocapires.dll| 16.0.4483.1000| 79040| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1029| ocpubres.dll| 16.0.4483.1000| 1511616| | \nlync.ocpubres.dll_1029| ocpubres.dll| 16.0.4483.1000| 1511616| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1029| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1029| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1030| lyncdesktopresources.dll| 16.0.4588.1000| 358096| | \nlync.lyncdesktopresour.dll_1030| lyncdesktopresources.dll| 16.0.4588.1000| 358096| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1030| ocapires.dll| 16.0.4471.1000| 71368| | \nlync.ocapires.dll_1030| ocapires.dll| 16.0.4471.1000| 71368| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1030| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1030| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1030| uccapires.dll| 16.0.4516.1000| 1294536| | \nlync.uccapires.dll_1030| uccapires.dll| 16.0.4516.1000| 1294536| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| | \nlync.lyncdesktopresour.dll_1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1031| ocapires.dll| 16.0.4534.1000| 78536| | \nlync.ocapires.dll_1031| ocapires.dll| 16.0.4534.1000| 78536| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1031| ucaddinres.dll| 16.0.4573.1000| 183496| | \nlync.ucaddinres.dll_1031| ucaddinres.dll| 16.0.4573.1000| 183496| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| | \nlync.lyncdesktopresour.dll_1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1032| ocapires.dll| 16.0.4483.1000| 78528| | \nlync.ocapires.dll_1032| ocapires.dll| 16.0.4483.1000| 78528| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1032| ucaddinres.dll| 16.0.4561.1000| 181960| | \nlync.ucaddinres.dll_1032| ucaddinres.dll| 16.0.4561.1000| 181960| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| | \nlync.lyncdesktopresour.dll_3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.3082| ocapires.dll| 16.0.4483.1000| 74440| | \nlync.ocapires.dll_3082| ocapires.dll| 16.0.4483.1000| 74440| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.3082| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_3082| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.3082| uccapires.dll| 16.0.4522.1000| 1296584| | \nlync.uccapires.dll_3082| uccapires.dll| 16.0.4522.1000| 1296584| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1061| ocapires.dll| 16.0.4522.1000| 70344| | \nlync.ocapires.dll_1061| ocapires.dll| 16.0.4522.1000| 70344| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1061| ocpubres.dll| 16.0.4522.1000| 1510600| | \nlync.ocpubres.dll_1061| ocpubres.dll| 16.0.4522.1000| 1510600| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1061| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1061| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1035| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1035| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1035| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1035| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1035| ocpubres.dll| 16.0.4522.1000| 1512136| | \nlync.ocpubres.dll_1035| ocpubres.dll| 16.0.4522.1000| 1512136| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1035| ucaddinres.dll| 16.0.4561.1000| 178384| | \nlync.ucaddinres.dll_1035| ucaddinres.dll| 16.0.4561.1000| 178384| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1035| uccapires.dll| 16.0.4534.1000| 1294536| | \nlync.uccapires.dll_1035| uccapires.dll| 16.0.4534.1000| 1294536| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| | \nlync.lyncdesktopresour.dll_1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1036| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1036| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1036| ucaddinres.dll| 16.0.4561.1000| 182976| | \nlync.ucaddinres.dll_1036| ucaddinres.dll| 16.0.4561.1000| 182976| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| | \nlync.lyncdesktopresour.dll_1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1037| ocapires.dll| 16.0.4483.1000| 65736| | \nlync.ocapires.dll_1037| ocapires.dll| 16.0.4483.1000| 65736| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1037| ucaddinres.dll| 16.0.4561.1000| 172744| | \nlync.ucaddinres.dll_1037| ucaddinres.dll| 16.0.4561.1000| 172744| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| | \nlync.lyncdesktopresour.dll_1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1081| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1081| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1081| ucaddinres.dll| 16.0.4561.1000| 178888| | \nlync.ucaddinres.dll_1081| ucaddinres.dll| 16.0.4561.1000| 178888| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| | \nlync.lyncdesktopresour.dll_1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1050| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1050| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1050| ocpubres.dll| 16.0.4498.1000| 1512128| | \nlync.ocpubres.dll_1050| ocpubres.dll| 16.0.4498.1000| 1512128| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1050| ucaddinres.dll| 16.0.4561.1000| 180416| | \nlync.ucaddinres.dll_1050| ucaddinres.dll| 16.0.4561.1000| 180416| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1050| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1050| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1038| lyncdesktopresources.dll| 16.0.4588.1000| 386776| | \nlync.lyncdesktopresour.dll_1038| lyncdesktopresources.dll| 16.0.4588.1000| 386776| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1038| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1038| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x86.1038| ocpubres.dll| 16.0.4534.1000| 1513168| | \nlync.ocpubres.dll_1038| ocpubres.dll| 16.0.4534.1000| 1513168| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1038| ucaddinres.dll| 16.0.4561.1000| 180944| | \nlync.ucaddinres.dll_1038| ucaddinres.dll| 16.0.4561.1000| 180944| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| | \nlync.lyncdesktopresour.dll_1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1057| ocapires.dll| 16.0.4483.1000| 70352| | \nlync.ocapires.dll_1057| ocapires.dll| 16.0.4483.1000| 70352| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1057| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1057| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| | \nlync.lyncdesktopresour.dll_1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1040| ocapires.dll| 16.0.4483.1000| 71880| | \nlync.ocapires.dll_1040| ocapires.dll| 16.0.4483.1000| 71880| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1040| ucaddinres.dll| 16.0.4561.1000| 180424| | \nlync.ucaddinres.dll_1040| ucaddinres.dll| 16.0.4561.1000| 180424| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1041| lyncdesktopresources.dll| 16.0.4588.1000| 369352| | \nlync.lyncdesktopresour.dll_1041| lyncdesktopresources.dll| 16.0.4588.1000| 369352| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1041| ocapires.dll| 16.0.4483.1000| 74448| | \nlync.ocapires.dll_1041| ocapires.dll| 16.0.4483.1000| 74448| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1041| ucaddinres.dll| 16.0.4561.1000| 167632| | \nlync.ucaddinres.dll_1041| ucaddinres.dll| 16.0.4561.1000| 167632| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1087| lyncdesktopresources.dll| 16.0.4588.1000| 391360| | \nlync.lyncdesktopresour.dll_1087| lyncdesktopresources.dll| 16.0.4588.1000| 391360| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1087| ocapires.dll| 16.0.4483.1000| 82632| | \nlync.ocapires.dll_1087| ocapires.dll| 16.0.4483.1000| 82632| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1087| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1087| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:58 \nlync.uccapires.dll.x86.1087| uccapires.dll| 16.0.4522.1000| 1294528| | \nlync.uccapires.dll_1087| uccapires.dll| 16.0.4522.1000| 1294528| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| | \nlync.lyncdesktopresour.dll_1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| 24-Aug-17| 04:58 \nlync.ocapires.dll.x86.1042| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1042| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x86.1042| ucaddinres.dll| 16.0.4561.1000| 167112| | \nlync.ucaddinres.dll_1042| ucaddinres.dll| 16.0.4561.1000| 167112| 24-Aug-17| 04:58 \nlync.lyncdesktopresour.dll.x86.1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| | \nlync.lyncdesktopresour.dll_1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1063| ocapires.dll| 16.0.4483.1000| 74424| | \nlync.ocapires.dll_1063| ocapires.dll| 16.0.4483.1000| 74424| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1063| ocpubres.dll| 16.0.4483.1000| 1511608| | \nlync.ocpubres.dll_1063| ocpubres.dll| 16.0.4483.1000| 1511608| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1063| ucaddinres.dll| 16.0.4561.1000| 179384| | \nlync.ucaddinres.dll_1063| ucaddinres.dll| 16.0.4561.1000| 179384| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1062| lyncdesktopresources.dll| 16.0.4588.1000| 370360| | \nlync.lyncdesktopresour.dll_1062| lyncdesktopresources.dll| 16.0.4588.1000| 370360| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1062| ocapires.dll| 16.0.4534.1000| 74928| | \nlync.ocapires.dll_1062| ocapires.dll| 16.0.4534.1000| 74928| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1062| ocpubres.dll| 16.0.4534.1000| 1512112| | \nlync.ocpubres.dll_1062| ocpubres.dll| 16.0.4534.1000| 1512112| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1062| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1062| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1062| uccapires.dll| 16.0.4534.1000| 1295032| | \nlync.uccapires.dll_1062| uccapires.dll| 16.0.4534.1000| 1295032| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1086| lyncdesktopresources.dll| 16.0.4588.1000| 360144| | \nlync.lyncdesktopresour.dll_1086| lyncdesktopresources.dll| 16.0.4588.1000| 360144| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1086| ocapires.dll| 16.0.4483.1000| 71368| | \nlync.ocapires.dll_1086| ocapires.dll| 16.0.4483.1000| 71368| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1086| ocpubres.dll| 16.0.4324.1000| 1511632| | \nlync.ocpubres.dll_1086| ocpubres.dll| 16.0.4324.1000| 1511632| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1086| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1086| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1044| lyncdesktopresources.dll| 16.0.4588.1000| 352456| | \nlync.lyncdesktopresour.dll_1044| lyncdesktopresources.dll| 16.0.4588.1000| 352456| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1044| ocapires.dll| 16.0.4483.1000| 70864| | \nlync.ocapires.dll_1044| ocapires.dll| 16.0.4483.1000| 70864| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1044| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1044| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| | \nlync.lyncdesktopresour.dll_1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1043| ocapires.dll| 16.0.4516.1000| 74456| | \nlync.ocapires.dll_1043| ocapires.dll| 16.0.4516.1000| 74456| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1043| ucaddinres.dll| 16.0.4561.1000| 180952| | \nlync.ucaddinres.dll_1043| ucaddinres.dll| 16.0.4561.1000| 180952| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1045| lyncdesktopresources.dll| 16.0.4588.1000| 382136| | \nlync.lyncdesktopresour.dll_1045| lyncdesktopresources.dll| 16.0.4588.1000| 382136| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1045| ocapires.dll| 16.0.4483.1000| 79544| | \nlync.ocapires.dll_1045| ocapires.dll| 16.0.4483.1000| 79544| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1045| ocpubres.dll| 16.0.4483.1000| 1514176| | \nlync.ocpubres.dll_1045| ocpubres.dll| 16.0.4483.1000| 1514176| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1045| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1045| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| | \nlync.lyncdesktopresour.dll_1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1046| ocapires.dll| 16.0.4534.1000| 72912| | \nlync.ocapires.dll_1046| ocapires.dll| 16.0.4534.1000| 72912| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1046| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1046| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| | \nlync.lyncdesktopresour.dll_2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.2070| ocapires.dll| 16.0.4483.1000| 73424| | \nlync.ocapires.dll_2070| ocapires.dll| 16.0.4483.1000| 73424| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2070| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_2070| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| | \nlync.lyncdesktopresour.dll_1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1048| ocapires.dll| 16.0.4483.1000| 80592| | \nlync.ocapires.dll_1048| ocapires.dll| 16.0.4483.1000| 80592| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1048| ocpubres.dll| 16.0.4534.1000| 1514696| | \nlync.ocpubres.dll_1048| ocpubres.dll| 16.0.4534.1000| 1514696| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1048| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_1048| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1049| ocapires.dll| 16.0.4471.1000| 75968| | \nlync.ocapires.dll_1049| ocapires.dll| 16.0.4471.1000| 75968| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1049| ocpubres.dll| 16.0.4549.1000| 1512136| | \nlync.ocpubres.dll_1049| ocpubres.dll| 16.0.4549.1000| 1512136| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1049| ucaddinres.dll| 16.0.4561.1000| 179904| | \nlync.ucaddinres.dll_1049| ucaddinres.dll| 16.0.4561.1000| 179904| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1049| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1049| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1051| lyncdesktopresources.dll| 16.0.4588.1000| 385224| | \nlync.lyncdesktopresour.dll_1051| lyncdesktopresources.dll| 16.0.4588.1000| 385224| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1051| ocapires.dll| 16.0.4483.1000| 79056| | \nlync.ocapires.dll_1051| ocapires.dll| 16.0.4483.1000| 79056| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1051| ocpubres.dll| 16.0.4483.1000| 1512144| | \nlync.ocpubres.dll_1051| ocpubres.dll| 16.0.4483.1000| 1512144| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1051| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1051| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1051| uccapires.dll| 16.0.4522.1000| 1295560| | \nlync.uccapires.dll_1051| uccapires.dll| 16.0.4522.1000| 1295560| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| | \nlync.lyncdesktopresour.dll_1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1060| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1060| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1060| ocpubres.dll| 16.0.4483.1000| 1512136| | \nlync.ocpubres.dll_1060| ocpubres.dll| 16.0.4483.1000| 1512136| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1060| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1060| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| | \nlync.lyncdesktopresour.dll_2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2074| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_2074| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.9242| lyncdesktopresources.dll| 16.0.4588.1000| 365248| | \nlync.lyncdesktopresour.dll_9242| lyncdesktopresources.dll| 16.0.4588.1000| 365248| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.9242| ocapires.dll| 16.0.4483.1000| 73400| | \nlync.ocapires.dll_9242| ocapires.dll| 16.0.4483.1000| 73400| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.9242| ucaddinres.dll| 16.0.4561.1000| 178360| | \nlync.ucaddinres.dll_9242| ucaddinres.dll| 16.0.4561.1000| 178360| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| | \nlync.lyncdesktopresour.dll_1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1053| ocapires.dll| 16.0.4483.1000| 71360| | \nlync.ocapires.dll_1053| ocapires.dll| 16.0.4483.1000| 71360| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1053| ocpubres.dll| 16.0.4522.1000| 1512640| | \nlync.ocpubres.dll_1053| ocpubres.dll| 16.0.4522.1000| 1512640| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1053| ucaddinres.dll| 16.0.4561.1000| 177856| | \nlync.ucaddinres.dll_1053| ucaddinres.dll| 16.0.4561.1000| 177856| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1054| lyncdesktopresources.dll| 16.0.4588.1000| 369864| | \nlync.lyncdesktopresour.dll_1054| lyncdesktopresources.dll| 16.0.4588.1000| 369864| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1054| ocapires.dll| 16.0.4483.1000| 74952| | \nlync.ocapires.dll_1054| ocapires.dll| 16.0.4483.1000| 74952| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.1054| ocpubres.dll| 16.0.4483.1000| 1509576| | \nlync.ocpubres.dll_1054| ocpubres.dll| 16.0.4483.1000| 1509576| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1054| ucaddinres.dll| 16.0.4561.1000| 176840| | \nlync.ucaddinres.dll_1054| ucaddinres.dll| 16.0.4561.1000| 176840| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1055| lyncdesktopresources.dll| 16.0.4588.1000| 377528| | \nlync.lyncdesktopresour.dll_1055| lyncdesktopresources.dll| 16.0.4588.1000| 377528| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1055| ocapires.dll| 16.0.4471.1000| 77496| | \nlync.ocapires.dll_1055| ocapires.dll| 16.0.4471.1000| 77496| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1055| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1055| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| | \nlync.lyncdesktopresour.dll_1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1058| ocapires.dll| 16.0.4471.1000| 76992| | \nlync.ocapires.dll_1058| ocapires.dll| 16.0.4471.1000| 76992| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1058| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1058| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 04:59 \nlync.uccapires.dll.x86.1058| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1058| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1066| lyncdesktopresources.dll| 16.0.4588.1000| 393936| | \nlync.lyncdesktopresour.dll_1066| lyncdesktopresources.dll| 16.0.4588.1000| 393936| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1066| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1066| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1066| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1066| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| | \nlync.lyncdesktopresour.dll_2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.2052| ocapires.dll| 16.0.4516.1000| 66768| | \nlync.ocapires.dll_2052| ocapires.dll| 16.0.4516.1000| 66768| 24-Aug-17| 04:59 \nlync.ocpubres.dll.x86.2052| ocpubres.dll| 16.0.4483.1000| 1496272| | \nlync.ocpubres.dll_2052| ocpubres.dll| 16.0.4483.1000| 1496272| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.2052| ucaddinres.dll| 16.0.4561.1000| 164048| | \nlync.ucaddinres.dll_2052| ucaddinres.dll| 16.0.4561.1000| 164048| 24-Aug-17| 04:59 \nlync.lyncdesktopresour.dll.x86.1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| | \nlync.lyncdesktopresour.dll_1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| 24-Aug-17| 04:59 \nlync.ocapires.dll.x86.1028| ocapires.dll| 16.0.4483.1000| 66760| | \nlync.ocapires.dll_1028| ocapires.dll| 16.0.4483.1000| 66760| 24-Aug-17| 04:59 \nlync.ucaddinres.dll.x86.1028| ucaddinres.dll| 16.0.4561.1000| 164032| | \nlync.ucaddinres.dll_1028| ucaddinres.dll| 16.0.4561.1000| 164032| 24-Aug-17| 04:59 \nlync.appsharinghookcontroller64.exe.x64| appsharinghookcontroller64.exe| 16.0.4480.1000| 48336| 24-Aug-17| 04:53 \nlync.lyncdesktopresour.dll.x86.1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| | \nlync.lyncdesktopresour.dll_1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| 24-Aug-17| 04:51 \nlync.ocapires.dll.x86.1033| ocapires.dll| 16.0.4462.1000| 68816| | \nlync.ocapires.dll_1033| ocapires.dll| 16.0.4462.1000| 68816| 24-Aug-17| 04:51 \nlync.ocpubres.dll.x86.1033| ocpubres.dll| 16.0.4462.1000| 1510088| | \nlync.ocpubres.dll_1033| ocpubres.dll| 16.0.4462.1000| 1510088| 24-Aug-17| 04:51 \nlync.ucaddinres.dll.x86.1033| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1033| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:51 \nlync.appsharinghookcontroller.exe.x86| appsharinghookcontroller.exe| 16.0.4432.1000| 42704| 24-Aug-17| 04:52 \nlync.appsharingmediapr.dll| appsharingmediaprovider.dll| 16.0.4534.1000| 118984| 24-Aug-17| 04:52 \nautohelper.dll| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:52 \nautohelper.dll.x86| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:59 \nlync.lync.exe| lync.exe| 16.0.4588.1000| 22588624| 24-Aug-17| 04:52 \nlync.man| lync.exe.manifest| | 3278| 24-Aug-17| 04:52 \nlync.lync99.exe| lync99.exe| 16.0.4585.1000| 736464| 24-Aug-17| 04:52 \nlync.lyncdesktopsmartbitmapresources.dll| lyncdesktopsmartbitmapresources.dll| | 39311040| 24-Aug-17| 04:52 \nlync.lyncdesktopviewmo.dll| lyncdesktopviewmodel.dll| 16.0.4585.1000| 11690192| 24-Aug-17| 04:52 \nlync.lyncmodelproxy.dll| lyncmodelproxy.dll| 16.0.4582.1000| 1731792| 24-Aug-17| 04:52 \nlync.meetingjoinaxoc.dll| meetingjoinaxoc.dll| 16.0.4480.1000| 78536| 24-Aug-17| 04:52 \nlync.meetingjoinaxoc.dll.x86| meetingjoinaxoc.dll| 16.0.4480.1000| 78536| | \nlync.npmeetingjoinpluginoc.dll.x86| npmeetingjoinpluginoc.dll| 16.0.4288.1000| 39192| 24-Aug-17| 04:52 \nlync.ochelper.dll| ochelper.dll| 16.0.4576.1000| 171208| 24-Aug-17| 04:52 \nlync.ochelper.dll.x86| ochelper.dll| 16.0.4576.1000| 171208| | \nlync.ocimport.dll| ocimport.dll| 16.0.4585.1000| 710920| 24-Aug-17| 04:52 \nlync.ocoffice.dll| ocoffice.dll| 16.0.4588.1000| 484560| 24-Aug-17| 04:52 \nlync.ocpubmgr.exe| ocpubmgr.exe| 16.0.4585.1000| 1555248| 24-Aug-17| 04:52 \nlync.ocrec.dll| ocrec.dll| 16.0.4585.1000| 616144| 24-Aug-17| 04:52 \nlync.psom.dll| psom.dll| 16.0.4585.1000| 969424| 24-Aug-17| 04:52 \nlync.mlmodel.zip| microsoft.lync.model.zip| | 86598| 24-Aug-17| 04:52 \nlync.uc.dll| uc.dll| 16.0.4585.1000| 27235656| 24-Aug-17| 04:52 \nlync.ucaddin.dll| ucaddin.dll| 16.0.4561.1000| 1049800| 24-Aug-17| 04:52 \nlync.uccapi.dll| uccapi.dll| 16.0.4585.1000| 6895368| 24-Aug-17| 04:52 \nlync.ucmapi.exe| ucmapi.exe| 16.0.4585.1000| 1075920| 24-Aug-17| 04:52 \nlync.win32msgqueue.dll| win32msgqueue.dll| 16.0.4585.1000| 87816| 24-Aug-17| 04:52 \nlync.e.propertymodel.dll| propertymodel.dll| 16.0.4288.1000| 886368| 24-Aug-17| 04:52 \nlync.propertymodelprox.dll| propertymodelproxy.dll| 16.0.4288.1000| 328896| 24-Aug-17| 04:52 \nlync.appshapi.dll| appshapi.dll| 5.0.8308.902| 2720552| 24-Aug-17| 04:52 \nlync.appshcom.dll| appshcom.dll| 5.0.8308.902| 296744| 24-Aug-17| 04:52 \nlync.appshvw.dll| appshvw.dll| 5.0.8308.902| 3000096| 24-Aug-17| 04:52 \nlync.rtmcodecs.dll| rtmcodecs.dll| 6.0.8953.268| 3441808| 24-Aug-17| 04:52 \nlync.rtmmediamanager.dll| rtmmediamanager.dll| 6.0.8953.268| 595600| 24-Aug-17| 04:52 \nlync.rtmmvras.dll| rtmmvras.dll| 6.0.8953.268| 70288| 24-Aug-17| 04:52 \nlync.rtmmvrcs.dll| rtmmvrcs.dll| 6.0.8953.268| 49296| 24-Aug-17| 04:52 \nlync.rtmmvrhw.dll| rtmmvrhw.dll| 6.0.8953.268| 65168| 24-Aug-17| 04:52 \nlync.rtmmvrsplitter.dll| rtmmvrsplitter.dll| 6.0.8953.268| 36496| 24-Aug-17| 04:52 \nlync.rtmpal.dll| rtmpal.dll| 6.0.8953.268| 2337424| 24-Aug-17| 04:52 \nlync.rtmpltfm.dll| rtmpltfm.dll| 6.0.8953.268| 7942800| 24-Aug-17| 04:52 \nlync.vc1decodermftdll.dll| rtmvc1decmft.dll| 6.0.8953.268| 344720| 24-Aug-17| 04:52 \nlync.ssscreenvvs.dll| ssscreenvvs.dll| 6.0.8953.268| 119952| 24-Aug-17| 04:52 \nlync.ocintldate.dll| ocintldate.dll| 6.0.8939.40| 84672| 24-Aug-17| 04:52 \nlync.ocmsptls.dll| ocmsptls.dll| 6.0.8939.40| 843960| 24-Aug-17| 04:52 \nlync.ocogl.dll| ocogl.dll| 6.0.8939.40| 1733288| 24-Aug-17| 04:52 \nlync.ocpptview.dll| ocpptview.dll| 6.0.8939.40| 1929400| 24-Aug-17| 04:52 \nlync.ocppvwintl.dll| ocppvwintl.dll| 6.0.8939.40| 350392| 24-Aug-17| 04:52 \nlync.ocsaext.dll| ocsaext.dll| 6.0.8939.40| 325808| 24-Aug-17| 04:52 \nlync.lynchtmlconv.exe| lynchtmlconv.exe| 16.0.4588.1000| 9327816| 24-Aug-17| 04:52 \nFor all supported x64-based versions of Skype for Business 2016File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nlync.lyncdesktopresour.dll.x64.1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| | \nlync.lyncdesktopresour.dll_1025| lyncdesktopresources.dll| 16.0.4588.1000| 360656| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1025| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1025| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1025| ucaddinres.dll| 16.0.4561.1000| 175824| | \nlync.ucaddinres.dll_1025| ucaddinres.dll| 16.0.4561.1000| 175824| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1026| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1026| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1026| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1026| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1026| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1026| uccapires.dll| 16.0.4522.1000| 1295040| | \nlync.uccapires.dll_1026| uccapires.dll| 16.0.4522.1000| 1295040| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| | \nlync.lyncdesktopresour.dll_1029| lyncdesktopresources.dll| 16.0.4588.1000| 382656| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1029| ocapires.dll| 16.0.4483.1000| 79040| | \nlync.ocapires.dll_1029| ocapires.dll| 16.0.4483.1000| 79040| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1029| ocpubres.dll| 16.0.4483.1000| 1514176| | \nlync.ocpubres.dll_1029| ocpubres.dll| 16.0.4483.1000| 1514176| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1029| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1029| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1030| lyncdesktopresources.dll| 16.0.4588.1000| 358088| | \nlync.lyncdesktopresour.dll_1030| lyncdesktopresources.dll| 16.0.4588.1000| 358088| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1030| ocapires.dll| 16.0.4471.1000| 71368| | \nlync.ocapires.dll_1030| ocapires.dll| 16.0.4471.1000| 71368| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1030| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1030| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1030| uccapires.dll| 16.0.4516.1000| 1294536| | \nlync.uccapires.dll_1030| uccapires.dll| 16.0.4516.1000| 1294536| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| | \nlync.lyncdesktopresour.dll_1031| lyncdesktopresources.dll| 16.0.4588.1000| 384720| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1031| ocapires.dll| 16.0.4534.1000| 78536| | \nlync.ocapires.dll_1031| ocapires.dll| 16.0.4534.1000| 78536| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1031| ucaddinres.dll| 16.0.4573.1000| 183496| | \nlync.ucaddinres.dll_1031| ucaddinres.dll| 16.0.4573.1000| 183496| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| | \nlync.lyncdesktopresour.dll_1032| lyncdesktopresources.dll| 16.0.4588.1000| 389832| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1032| ocapires.dll| 16.0.4483.1000| 78536| | \nlync.ocapires.dll_1032| ocapires.dll| 16.0.4483.1000| 78536| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1032| ucaddinres.dll| 16.0.4561.1000| 181952| | \nlync.ucaddinres.dll_1032| ucaddinres.dll| 16.0.4561.1000| 181952| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| | \nlync.lyncdesktopresour.dll_3082| lyncdesktopresources.dll| 16.0.4588.1000| 371400| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.3082| ocapires.dll| 16.0.4483.1000| 74440| | \nlync.ocapires.dll_3082| ocapires.dll| 16.0.4483.1000| 74440| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.3082| ucaddinres.dll| 16.0.4561.1000| 180936| | \nlync.ucaddinres.dll_3082| ucaddinres.dll| 16.0.4561.1000| 180936| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.3082| uccapires.dll| 16.0.4522.1000| 1296584| | \nlync.uccapires.dll_3082| uccapires.dll| 16.0.4522.1000| 1296584| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| | \nlync.lyncdesktopresour.dll_1061| lyncdesktopresources.dll| 16.0.4588.1000| 358600| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1061| ocapires.dll| 16.0.4522.1000| 70344| | \nlync.ocapires.dll_1061| ocapires.dll| 16.0.4522.1000| 70344| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1061| ocpubres.dll| 16.0.4522.1000| 1513152| | \nlync.ocpubres.dll_1061| ocpubres.dll| 16.0.4522.1000| 1513152| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1061| ucaddinres.dll| 16.0.4561.1000| 177864| | \nlync.ucaddinres.dll_1061| ucaddinres.dll| 16.0.4561.1000| 177864| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1035| lyncdesktopresources.dll| 16.0.4588.1000| 358608| | \nlync.lyncdesktopresour.dll_1035| lyncdesktopresources.dll| 16.0.4588.1000| 358608| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1035| ocapires.dll| 16.0.4483.1000| 72392| | \nlync.ocapires.dll_1035| ocapires.dll| 16.0.4483.1000| 72392| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1035| ocpubres.dll| 16.0.4522.1000| 1514696| | \nlync.ocpubres.dll_1035| ocpubres.dll| 16.0.4522.1000| 1514696| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1035| ucaddinres.dll| 16.0.4561.1000| 178384| | \nlync.ucaddinres.dll_1035| ucaddinres.dll| 16.0.4561.1000| 178384| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1035| uccapires.dll| 16.0.4534.1000| 1294544| | \nlync.uccapires.dll_1035| uccapires.dll| 16.0.4534.1000| 1294544| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| | \nlync.lyncdesktopresour.dll_1036| lyncdesktopresources.dll| 16.0.4588.1000| 387264| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1036| ocapires.dll| 16.0.4483.1000| 81096| | \nlync.ocapires.dll_1036| ocapires.dll| 16.0.4483.1000| 81096| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1036| ucaddinres.dll| 16.0.4561.1000| 182976| | \nlync.ucaddinres.dll_1036| ucaddinres.dll| 16.0.4561.1000| 182976| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| | \nlync.lyncdesktopresour.dll_1037| lyncdesktopresources.dll| 16.0.4588.1000| 338128| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1037| ocapires.dll| 16.0.4483.1000| 65736| | \nlync.ocapires.dll_1037| ocapires.dll| 16.0.4483.1000| 65736| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1037| ucaddinres.dll| 16.0.4561.1000| 172744| | \nlync.ucaddinres.dll_1037| ucaddinres.dll| 16.0.4561.1000| 172744| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| | \nlync.lyncdesktopresour.dll_1081| lyncdesktopresources.dll| 16.0.4588.1000| 386248| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1081| ocapires.dll| 16.0.4483.1000| 81088| | \nlync.ocapires.dll_1081| ocapires.dll| 16.0.4483.1000| 81088| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1081| ucaddinres.dll| 16.0.4561.1000| 178880| | \nlync.ucaddinres.dll_1081| ucaddinres.dll| 16.0.4561.1000| 178880| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| | \nlync.lyncdesktopresour.dll_1050| lyncdesktopresources.dll| 16.0.4588.1000| 361664| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1050| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1050| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1050| ocpubres.dll| 16.0.4498.1000| 1514688| | \nlync.ocpubres.dll_1050| ocpubres.dll| 16.0.4498.1000| 1514688| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1050| ucaddinres.dll| 16.0.4561.1000| 180408| | \nlync.ucaddinres.dll_1050| ucaddinres.dll| 16.0.4561.1000| 180408| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1050| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1050| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1038| lyncdesktopresources.dll| 16.0.4588.1000| 386768| | \nlync.lyncdesktopresour.dll_1038| lyncdesktopresources.dll| 16.0.4588.1000| 386768| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1038| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1038| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1038| ocpubres.dll| 16.0.4534.1000| 1515728| | \nlync.ocpubres.dll_1038| ocpubres.dll| 16.0.4534.1000| 1515728| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1038| ucaddinres.dll| 16.0.4561.1000| 180944| | \nlync.ucaddinres.dll_1038| ucaddinres.dll| 16.0.4561.1000| 180944| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| | \nlync.lyncdesktopresour.dll_1057| lyncdesktopresources.dll| 16.0.4588.1000| 356560| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1057| ocapires.dll| 16.0.4483.1000| 70352| | \nlync.ocapires.dll_1057| ocapires.dll| 16.0.4483.1000| 70352| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1057| ucaddinres.dll| 16.0.4561.1000| 177872| | \nlync.ucaddinres.dll_1057| ucaddinres.dll| 16.0.4561.1000| 177872| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| | \nlync.lyncdesktopresour.dll_1040| lyncdesktopresources.dll| 16.0.4588.1000| 367312| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1040| ocapires.dll| 16.0.4483.1000| 71880| | \nlync.ocapires.dll_1040| ocapires.dll| 16.0.4483.1000| 71880| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1040| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_1040| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1041| lyncdesktopresources.dll| 16.0.4588.1000| 369360| | \nlync.lyncdesktopresour.dll_1041| lyncdesktopresources.dll| 16.0.4588.1000| 369360| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1041| ocapires.dll| 16.0.4483.1000| 74448| | \nlync.ocapires.dll_1041| ocapires.dll| 16.0.4483.1000| 74448| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1041| ucaddinres.dll| 16.0.4561.1000| 167632| | \nlync.ucaddinres.dll_1041| ucaddinres.dll| 16.0.4561.1000| 167632| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1087| lyncdesktopresources.dll| 16.0.4588.1000| 391368| | \nlync.lyncdesktopresour.dll_1087| lyncdesktopresources.dll| 16.0.4588.1000| 391368| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1087| ocapires.dll| 16.0.4483.1000| 82632| | \nlync.ocapires.dll_1087| ocapires.dll| 16.0.4483.1000| 82632| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1087| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1087| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1087| uccapires.dll| 16.0.4522.1000| 1294528| | \nlync.uccapires.dll_1087| uccapires.dll| 16.0.4522.1000| 1294528| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| | \nlync.lyncdesktopresour.dll_1042| lyncdesktopresources.dll| 16.0.4588.1000| 363720| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1042| ocapires.dll| 16.0.4483.1000| 72896| | \nlync.ocapires.dll_1042| ocapires.dll| 16.0.4483.1000| 72896| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1042| ucaddinres.dll| 16.0.4561.1000| 167112| | \nlync.ucaddinres.dll_1042| ucaddinres.dll| 16.0.4561.1000| 167112| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| | \nlync.lyncdesktopresour.dll_1063| lyncdesktopresources.dll| 16.0.4588.1000| 368824| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1063| ocapires.dll| 16.0.4483.1000| 74424| | \nlync.ocapires.dll_1063| ocapires.dll| 16.0.4483.1000| 74424| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1063| ocpubres.dll| 16.0.4483.1000| 1514168| | \nlync.ocpubres.dll_1063| ocpubres.dll| 16.0.4483.1000| 1514168| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1063| ucaddinres.dll| 16.0.4561.1000| 179384| | \nlync.ucaddinres.dll_1063| ucaddinres.dll| 16.0.4561.1000| 179384| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1062| lyncdesktopresources.dll| 16.0.4588.1000| 370352| | \nlync.lyncdesktopresour.dll_1062| lyncdesktopresources.dll| 16.0.4588.1000| 370352| 24-Aug-17| 05:01 \nlync.ocapires.dll.x64.1062| ocapires.dll| 16.0.4534.1000| 74928| | \nlync.ocapires.dll_1062| ocapires.dll| 16.0.4534.1000| 74928| 24-Aug-17| 05:01 \nlync.ocpubres.dll.x64.1062| ocpubres.dll| 16.0.4534.1000| 1514672| | \nlync.ocpubres.dll_1062| ocpubres.dll| 16.0.4534.1000| 1514672| 24-Aug-17| 05:01 \nlync.ucaddinres.dll.x64.1062| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1062| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:01 \nlync.uccapires.dll.x64.1062| uccapires.dll| 16.0.4534.1000| 1295024| | \nlync.uccapires.dll_1062| uccapires.dll| 16.0.4534.1000| 1295024| 24-Aug-17| 05:01 \nlync.lyncdesktopresour.dll.x64.1086| lyncdesktopresources.dll| 16.0.4588.1000| 360136| | \nlync.lyncdesktopresour.dll_1086| lyncdesktopresources.dll| 16.0.4588.1000| 360136| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1086| ocapires.dll| 16.0.4483.1000| 71368| | \nlync.ocapires.dll_1086| ocapires.dll| 16.0.4483.1000| 71368| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1086| ocpubres.dll| 16.0.4324.1000| 1514184| | \nlync.ocpubres.dll_1086| ocpubres.dll| 16.0.4324.1000| 1514184| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1086| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1086| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1044| lyncdesktopresources.dll| 16.0.4588.1000| 352464| | \nlync.lyncdesktopresour.dll_1044| lyncdesktopresources.dll| 16.0.4588.1000| 352464| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1044| ocapires.dll| 16.0.4483.1000| 70856| | \nlync.ocapires.dll_1044| ocapires.dll| 16.0.4483.1000| 70856| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1044| ucaddinres.dll| 16.0.4561.1000| 177352| | \nlync.ucaddinres.dll_1044| ucaddinres.dll| 16.0.4561.1000| 177352| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| | \nlync.lyncdesktopresour.dll_1043| lyncdesktopresources.dll| 16.0.4588.1000| 367832| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1043| ocapires.dll| 16.0.4516.1000| 74456| | \nlync.ocapires.dll_1043| ocapires.dll| 16.0.4516.1000| 74456| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1043| ucaddinres.dll| 16.0.4561.1000| 180952| | \nlync.ucaddinres.dll_1043| ucaddinres.dll| 16.0.4561.1000| 180952| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1045| lyncdesktopresources.dll| 16.0.4588.1000| 382144| | \nlync.lyncdesktopresour.dll_1045| lyncdesktopresources.dll| 16.0.4588.1000| 382144| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1045| ocapires.dll| 16.0.4483.1000| 79552| | \nlync.ocapires.dll_1045| ocapires.dll| 16.0.4483.1000| 79552| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1045| ocpubres.dll| 16.0.4483.1000| 1516736| | \nlync.ocpubres.dll_1045| ocpubres.dll| 16.0.4483.1000| 1516736| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1045| ucaddinres.dll| 16.0.4561.1000| 180928| | \nlync.ucaddinres.dll_1045| ucaddinres.dll| 16.0.4561.1000| 180928| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| | \nlync.lyncdesktopresour.dll_1046| lyncdesktopresources.dll| 16.0.4588.1000| 368336| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1046| ocapires.dll| 16.0.4534.1000| 72912| | \nlync.ocapires.dll_1046| ocapires.dll| 16.0.4534.1000| 72912| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1046| ucaddinres.dll| 16.0.4561.1000| 179920| | \nlync.ucaddinres.dll_1046| ucaddinres.dll| 16.0.4561.1000| 179920| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| | \nlync.lyncdesktopresour.dll_2070| lyncdesktopresources.dll| 16.0.4588.1000| 371920| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.2070| ocapires.dll| 16.0.4483.1000| 73424| | \nlync.ocapires.dll_2070| ocapires.dll| 16.0.4483.1000| 73424| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2070| ucaddinres.dll| 16.0.4561.1000| 180432| | \nlync.ucaddinres.dll_2070| ucaddinres.dll| 16.0.4561.1000| 180432| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| | \nlync.lyncdesktopresour.dll_1048| lyncdesktopresources.dll| 16.0.4588.1000| 389328| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1048| ocapires.dll| 16.0.4483.1000| 80592| | \nlync.ocapires.dll_1048| ocapires.dll| 16.0.4483.1000| 80592| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1048| ocpubres.dll| 16.0.4534.1000| 1517264| | \nlync.ocpubres.dll_1048| ocpubres.dll| 16.0.4534.1000| 1517264| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1048| ucaddinres.dll| 16.0.4561.1000| 180424| | \nlync.ucaddinres.dll_1048| ucaddinres.dll| 16.0.4561.1000| 180424| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| | \nlync.lyncdesktopresour.dll_1049| lyncdesktopresources.dll| 16.0.4588.1000| 372424| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1049| ocapires.dll| 16.0.4471.1000| 75968| | \nlync.ocapires.dll_1049| ocapires.dll| 16.0.4471.1000| 75968| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1049| ocpubres.dll| 16.0.4549.1000| 1514696| | \nlync.ocpubres.dll_1049| ocpubres.dll| 16.0.4549.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1049| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1049| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1049| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1049| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1051| lyncdesktopresources.dll| 16.0.4588.1000| 385232| | \nlync.lyncdesktopresour.dll_1051| lyncdesktopresources.dll| 16.0.4588.1000| 385232| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1051| ocapires.dll| 16.0.4483.1000| 79056| | \nlync.ocapires.dll_1051| ocapires.dll| 16.0.4483.1000| 79056| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1051| ocpubres.dll| 16.0.4483.1000| 1514696| | \nlync.ocpubres.dll_1051| ocpubres.dll| 16.0.4483.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1051| ucaddinres.dll| 16.0.4561.1000| 179408| | \nlync.ucaddinres.dll_1051| ucaddinres.dll| 16.0.4561.1000| 179408| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1051| uccapires.dll| 16.0.4522.1000| 1295560| | \nlync.uccapires.dll_1051| uccapires.dll| 16.0.4522.1000| 1295560| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| | \nlync.lyncdesktopresour.dll_1060| lyncdesktopresources.dll| 16.0.4588.1000| 366280| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1060| ocapires.dll| 16.0.4483.1000| 73416| | \nlync.ocapires.dll_1060| ocapires.dll| 16.0.4483.1000| 73416| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1060| ocpubres.dll| 16.0.4483.1000| 1514696| | \nlync.ocpubres.dll_1060| ocpubres.dll| 16.0.4483.1000| 1514696| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1060| ucaddinres.dll| 16.0.4561.1000| 179400| | \nlync.ucaddinres.dll_1060| ucaddinres.dll| 16.0.4561.1000| 179400| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| | \nlync.lyncdesktopresour.dll_2074| lyncdesktopresources.dll| 16.0.4579.1000| 361160| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2074| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_2074| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.9242| lyncdesktopresources.dll| 16.0.4588.1000| 365240| | \nlync.lyncdesktopresour.dll_9242| lyncdesktopresources.dll| 16.0.4588.1000| 365240| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.9242| ocapires.dll| 16.0.4483.1000| 73400| | \nlync.ocapires.dll_9242| ocapires.dll| 16.0.4483.1000| 73400| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.9242| ucaddinres.dll| 16.0.4561.1000| 178360| | \nlync.ucaddinres.dll_9242| ucaddinres.dll| 16.0.4561.1000| 178360| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| | \nlync.lyncdesktopresour.dll_1053| lyncdesktopresources.dll| 16.0.4588.1000| 355520| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1053| ocapires.dll| 16.0.4483.1000| 71360| | \nlync.ocapires.dll_1053| ocapires.dll| 16.0.4483.1000| 71360| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1053| ocpubres.dll| 16.0.4522.1000| 1515200| | \nlync.ocpubres.dll_1053| ocpubres.dll| 16.0.4522.1000| 1515200| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1053| ucaddinres.dll| 16.0.4561.1000| 177856| | \nlync.ucaddinres.dll_1053| ucaddinres.dll| 16.0.4561.1000| 177856| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1054| lyncdesktopresources.dll| 16.0.4588.1000| 369872| | \nlync.lyncdesktopresour.dll_1054| lyncdesktopresources.dll| 16.0.4588.1000| 369872| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1054| ocapires.dll| 16.0.4483.1000| 74960| | \nlync.ocapires.dll_1054| ocapires.dll| 16.0.4483.1000| 74960| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.1054| ocpubres.dll| 16.0.4483.1000| 1512136| | \nlync.ocpubres.dll_1054| ocpubres.dll| 16.0.4483.1000| 1512136| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1054| ucaddinres.dll| 16.0.4561.1000| 176848| | \nlync.ucaddinres.dll_1054| ucaddinres.dll| 16.0.4561.1000| 176848| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1055| lyncdesktopresources.dll| 16.0.4588.1000| 377536| | \nlync.lyncdesktopresour.dll_1055| lyncdesktopresources.dll| 16.0.4588.1000| 377536| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1055| ocapires.dll| 16.0.4471.1000| 77496| | \nlync.ocapires.dll_1055| ocapires.dll| 16.0.4471.1000| 77496| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1055| ucaddinres.dll| 16.0.4561.1000| 178872| | \nlync.ucaddinres.dll_1055| ucaddinres.dll| 16.0.4561.1000| 178872| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| | \nlync.lyncdesktopresour.dll_1058| lyncdesktopresources.dll| 16.0.4588.1000| 378056| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1058| ocapires.dll| 16.0.4471.1000| 76992| | \nlync.ocapires.dll_1058| ocapires.dll| 16.0.4471.1000| 76992| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1058| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1058| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.uccapires.dll.x64.1058| uccapires.dll| 16.0.4522.1000| 1295552| | \nlync.uccapires.dll_1058| uccapires.dll| 16.0.4522.1000| 1295552| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1066| lyncdesktopresources.dll| 16.0.4588.1000| 393928| | \nlync.lyncdesktopresour.dll_1066| lyncdesktopresources.dll| 16.0.4588.1000| 393928| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1066| ocapires.dll| 16.0.4483.1000| 81104| | \nlync.ocapires.dll_1066| ocapires.dll| 16.0.4483.1000| 81104| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1066| ucaddinres.dll| 16.0.4561.1000| 179912| | \nlync.ucaddinres.dll_1066| ucaddinres.dll| 16.0.4561.1000| 179912| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| | \nlync.lyncdesktopresour.dll_2052| lyncdesktopresources.dll| 16.0.4588.1000| 338640| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.2052| ocapires.dll| 16.0.4516.1000| 66768| | \nlync.ocapires.dll_2052| ocapires.dll| 16.0.4516.1000| 66768| 24-Aug-17| 05:02 \nlync.ocpubres.dll.x64.2052| ocpubres.dll| 16.0.4483.1000| 1498832| | \nlync.ocpubres.dll_2052| ocpubres.dll| 16.0.4483.1000| 1498832| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.2052| ucaddinres.dll| 16.0.4561.1000| 164040| | \nlync.ucaddinres.dll_2052| ucaddinres.dll| 16.0.4561.1000| 164040| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| | \nlync.lyncdesktopresour.dll_1028| lyncdesktopresources.dll| 16.0.4588.1000| 339144| 24-Aug-17| 05:02 \nlync.ocapires.dll.x64.1028| ocapires.dll| 16.0.4483.1000| 66752| | \nlync.ocapires.dll_1028| ocapires.dll| 16.0.4483.1000| 66752| 24-Aug-17| 05:02 \nlync.ucaddinres.dll.x64.1028| ucaddinres.dll| 16.0.4561.1000| 164032| | \nlync.ucaddinres.dll_1028| ucaddinres.dll| 16.0.4561.1000| 164032| 24-Aug-17| 05:02 \nlync.lyncdesktopresour.dll.x64.1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| | \nlync.lyncdesktopresour.dll_1033| lyncdesktopresources.dll| 16.0.4579.1000| 348872| 24-Aug-17| 04:58 \nlync.ocapires.dll.x64.1033| ocapires.dll| 16.0.4462.1000| 68808| | \nlync.ocapires.dll_1033| ocapires.dll| 16.0.4462.1000| 68808| 24-Aug-17| 04:58 \nlync.ocpubres.dll.x64.1033| ocpubres.dll| 16.0.4462.1000| 1512656| | \nlync.ocpubres.dll_1033| ocpubres.dll| 16.0.4462.1000| 1512656| 24-Aug-17| 04:58 \nlync.ucaddinres.dll.x64.1033| ucaddinres.dll| 16.0.4561.1000| 175816| | \nlync.ucaddinres.dll_1033| ucaddinres.dll| 16.0.4561.1000| 175816| 24-Aug-17| 04:58 \nlync.appsharinghookcontroller64.exe.x64| appsharinghookcontroller64.exe| 16.0.4480.1000| 48336| 24-Aug-17| 04:53 \nlync.appsharingmediapr.dll| appsharingmediaprovider.dll| 16.0.4585.1000| 159440| 24-Aug-17| 04:59 \nautohelper.dll| autohelper.dll| 16.0.4582.1000| 107728| 24-Aug-17| 04:52 \nlync.lync.exe| lync.exe| 16.0.4588.1000| 27054800| 24-Aug-17| 04:59 \nlync.man| lync.exe.manifest| | 3278| 24-Aug-17| 04:59 \nlync.lync99.exe| lync99.exe| 16.0.4585.1000| 769744| 24-Aug-17| 04:59 \nlync.lyncdesktopsmartbitmapresources.dll| lyncdesktopsmartbitmapresources.dll| | 39311048| 24-Aug-17| 04:59 \nlync.lyncdesktopviewmo.dll| lyncdesktopviewmodel.dll| 16.0.4585.1000| 17263312| 24-Aug-17| 04:59 \nlync.lyncmodelproxy.dll| lyncmodelproxy.dll| 16.0.4582.1000| 2152656| 24-Aug-17| 04:59 \nlync.meetingjoinaxoc.dll| meetingjoinaxoc.dll| 16.0.4480.1000| 92880| 24-Aug-17| 04:59 \nlync.meetingjoinaxoc.dll.x64| meetingjoinaxoc.dll| 16.0.4480.1000| 92880| | \nlync.ochelper.dll| ochelper.dll| 16.0.4585.1000| 236752| 24-Aug-17| 04:59 \nlync.ochelper.dll.x64| ochelper.dll| 16.0.4585.1000| 236752| | \nlync.ocimport.dll| ocimport.dll| 16.0.4585.1000| 1070856| 24-Aug-17| 04:59 \nlync.ocoffice.dll| ocoffice.dll| 16.0.4588.1000| 648392| 24-Aug-17| 04:59 \nlync.ocpubmgr.exe| ocpubmgr.exe| 16.0.4585.1000| 1977136| 24-Aug-17| 04:59 \nlync.ocrec.dll| ocrec.dll| 16.0.4585.1000| 904400| 24-Aug-17| 04:59 \nlync.psom.dll| psom.dll| 16.0.4585.1000| 1389264| 24-Aug-17| 04:59 \nlync.mlmodel.zip| microsoft.lync.model.zip| | 86714| 24-Aug-17| 04:59 \nlync.uc.dll| uc.dll| 16.0.4585.1000| 39769928| 24-Aug-17| 04:59 \nlync.ucaddin.dll| ucaddin.dll| 16.0.4561.1000| 1484496| 24-Aug-17| 04:59 \nlync.uccapi.dll| uccapi.dll| 16.0.4585.1000| 10152712| 24-Aug-17| 04:59 \nlync.ucmapi.exe| ucmapi.exe| 16.0.4585.1000| 1299664| 24-Aug-17| 04:59 \nlync.win32msgqueue.dll| win32msgqueue.dll| 16.0.4585.1000| 105736| 24-Aug-17| 04:59 \nlync.appsharinghookcontroller.exe.x86| appsharinghookcontroller.exe| 16.0.4432.1000| 42704| 24-Aug-17| 04:52 \nautohelper.dll| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:52 \nautohelper.dll.x86| autohelper.dll| 16.0.4585.1000| 85200| 24-Aug-17| 04:59 \nlync.npmeetingjoinpluginoc.dll.x86| npmeetingjoinpluginoc.dll| 16.0.4288.1000| 39192| 24-Aug-17| 04:52 \nf_propertymodel| propertymodel.dll| 16.0.4288.1000| 1361504| | \nlync.e.propertymodel.dll| propertymodel.dll| 16.0.4288.1000| 1361504| 24-Aug-17| 04:59 \nf_propertymodelproxy| propertymodelproxy.dll| 16.0.4288.1000| 494272| | \nlync.propertymodelprox.dll| propertymodelproxy.dll| 16.0.4288.1000| 494272| 24-Aug-17| 04:59 \nlync.appshapi.dll| appshapi.dll| 5.0.8308.902| 3197736| 24-Aug-17| 04:59 \nlync.appshcom.dll| appshcom.dll| 5.0.8308.902| 361256| 24-Aug-17| 04:59 \nlync.appshvw.dll| appshvw.dll| 5.0.8308.902| 3413800| 24-Aug-17| 04:59 \nlync.rtmcodecs.dll| rtmcodecs.dll| 6.0.8953.268| 3836560| 24-Aug-17| 04:59 \nlync.rtmmediamanager.dll| rtmmediamanager.dll| 6.0.8953.268| 784528| 24-Aug-17| 04:59 \nlync.rtmmvras.dll| rtmmvras.dll| 6.0.8953.268| 80528| 24-Aug-17| 04:59 \nlync.rtmmvrcs.dll| rtmmvrcs.dll| 6.0.8953.268| 56464| 24-Aug-17| 04:59 \nlync.rtmmvrhw.dll| rtmmvrhw.dll| 6.0.8953.268| 75408| 24-Aug-17| 04:59 \nlync.rtmmvrsplitter.dll| rtmmvrsplitter.dll| 6.0.8953.268| 42640| 24-Aug-17| 04:59 \nlync.rtmpal.dll| rtmpal.dll| 6.0.8953.268| 2973328| 24-Aug-17| 04:59 \nlync.rtmpltfm.dll| rtmpltfm.dll| 6.0.8953.268| 9369744| 24-Aug-17| 04:59 \nlync.vc1decodermftdll.dll| rtmvc1decmft.dll| 6.0.8953.268| 354448| 24-Aug-17| 04:59 \nlync.ssscreenvvs.dll| ssscreenvvs.dll| 6.0.8953.268| 156816| 24-Aug-17| 04:59 \nlync.ocintldate.dll| ocintldate.dll| 6.0.8939.40| 99008| 24-Aug-17| 04:59 \nlync.ocmsptls.dll| ocmsptls.dll| 6.0.8939.40| 1103032| 24-Aug-17| 04:59 \nlync.ocogl.dll| ocogl.dll| 6.0.8939.40| 2077352| 24-Aug-17| 04:59 \nlync.ocpptview.dll| ocpptview.dll| 6.0.8939.40| 2489528| 24-Aug-17| 04:59 \nlync.ocppvwintl.dll| ocppvwintl.dll| 6.0.8939.40| 350912| 24-Aug-17| 04:59 \nlync.ocsaext.dll| ocsaext.dll| 6.0.8939.40| 332976| 24-Aug-17| 04:59 \nlync.lynchtmlconv.exe| lynchtmlconv.exe| 16.0.4588.1000| 12027080| 24-Aug-17| 04:59 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Skype: [Skype User Voice portal](<https://skype.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Skype for Business 2016: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8676", "CVE-2017-8695", "CVE-2017-8696"], "modified": "2017-09-12T07:00:00", "id": "KB4011040", "href": "https://support.microsoft.com/en-us/help/4011040", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:15:50", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>) and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 1 for Microsoft Office Web Apps Server 2013](<http://support.microsoft.com/kb/2880558>) installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issue:\n\n * Improve the translation of the notification message when an operation takes longer than 10 seconds in Excel Online.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213562>) website.\n\n### Method 2: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213562 for the 64-bit version of Office Web Apps Server 2013](<http://www.microsoft.com/download/details.aspx?familyid=2148c1a7-92ae-481b-9305-a9f2231ec46e>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nwacserver2013-kb3213562-fullfile-x64-glb.exe| A56B2443AE7317B2F4E34566B165803D3012C6D8| DDA2938E4216283630AD12033EC6D50842DA30CC1295A17D921C14825D26BC31 \n \n### File information\n\nFor the list of files that cumulative update 3213562 contains, download the [file information for update 3213562](<http://download.microsoft.com/download/f/f/d/ffd33910-893d-4d97-ace7-352a492762b7/3213562.csv>).\n\n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on SharePoint: [SharePoint User Voice portal](<http://sharepoint.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Office Web Apps Server 2013: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8742"], "modified": "2017-09-12T07:00:00", "id": "KB3213562", "href": "https://support.microsoft.com/en-us/help/3213562", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:33", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for SharePoint Server 2010 Office Web Apps](<http://support.microsoft.com/kb/2687470>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3213632>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB3213632 for the 64-bit version of SharePoint Server 2010 Office Web Apps](<http://www.microsoft.com/download/details.aspx?familyid=4adf8370-4702-4957-9c56-0634f5f32dc1>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nwac2010-kb3213632-fullfile-x64-glb.exe| 0C7D7F509E2EF676F335FC6A4B8E420133DB102B| B78F6540596E6E94618C2D71381DED007C1E147E3D4AC6FC266648782CCDEFF8 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x64-based versions of SharePoint Server 2010 Office Web Apps| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nadmin.createeditwsapp.aspx| createeditwordserviceapp.aspx| | 6,045| 12-Feb-2013| 10:19 \nadmin.ovsconfig.aspx| ovsconfig.aspx| | 8,316| 12-Feb-2013| 10:19 \narialn.ttf| arialn.ttf| | 175,956| 02-Oct-2014| 07:03 \narialnb.ttf| arialnb.ttf| | 180,740| 02-Oct-2014| 07:03 \narialnbi.ttf| arialnbi.ttf| | 180,084| 02-Oct-2014| 07:03 \narialni.ttf| arialni.ttf| | 181,124| 02-Oct-2014| 07:03 \nbootedit.js| bootedit.js| | 841,280| 31-Jan-2014| 08:49 \nbootview.js| bootview.js| | 692,227| 01-Nov-2012| 07:56 \newa.js| ewa.js| | 760,645| 15-Mar-2017| 03:05 \ngetdata.ashx| | | 232| 08-Dec-2010| 08:02 \nmicrosoft.office.server.powerpoint.pipe.adjacency.thmx| | | 53,418| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.angles.thmx| | | 69,784| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.apex.thmx| | | 259,111| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.apothecary.thmx| | | 88,662| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.aspect.thmx| | | 68,069| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.austin.thmx| | | 95,803| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.blacktie.thmx| | | 655,107| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.calligraphy.thmx| | | 176,244| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.civic.thmx| | | 101,393| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.clarity.thmx| | | 67,060| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.composite.thmx| | | 568,653| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.concourse.thmx| | | 74,765| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.couture.thmx| | | 2,003,652| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.crane.thmx| | | 179,179| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.decatur.thmx| | | 156,954| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.dragon.thmx| | | 226,696| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.elemental.thmx| | | 349,663| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.equity.thmx| | | 69,473| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.essential.thmx| | | 49,784| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.executive.thmx| | | 55,112| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.fan.thmx| | | 165,690| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.flow.thmx| | | 65,704| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.foundry.thmx| | | 63,508| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.grace.thmx| | | 315,975| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.grid.thmx| | | 53,984| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.hardcover.thmx| | | 393,281| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.horizon.thmx| | | 245,451| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.hunting.thmx| | | 149,384| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.interface.dll| microsoft.office.server.powerpoint.pipe.interface.dll| 14.0.7123.5001| 43,712| 22-Apr-2014| 07:34 \nmicrosoft.office.server.powerpoint.pipe.kilter.thmx| | | 86,347| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.macro.thmx| | | 202,511| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.median.thmx| | | 83,623| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.metro.thmx| | | 80,625| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.module.thmx| | | 88,122| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.mylar.thmx| | | 270,123| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.newsprint.thmx| | | 617,159| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.opulent.thmx| | | 78,521| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.oriel.thmx| | | 93,940| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.origin.thmx| | | 87,051| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.paper.thmx| | | 270,822| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.perspective.thmx| | | 53,594| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.phoenix.thmx| | | 153,672| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.pushpin.thmx| | | 825,294| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.scrollwork.thmx| | | 167,498| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.sketchbook.thmx| | | 980,113| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.slipstream.thmx| | | 67,304| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.soho.thmx| | | 856,015| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.solstice.thmx| | | 74,912| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.springtime.thmx| | | 577,009| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.summer.thmx| | | 75,155| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.technic.thmx| | | 68,995| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.thatch.thmx| | | 89,461| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.tradeshow.thmx| | | 56,683| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.trek.thmx| | | 172,604| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.urban.thmx| | | 64,624| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.urbanpop.thmx| | | 113,739| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.verve.thmx| | | 75,264| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.waveform.thmx| | | 181,889| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.windinthepines.thmx| | | 568,923| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.wistaria.thmx| | | 416,280| 08-Dec-2010| 07:49 \nmicrosoft.office.server.powerpoint.pipe.wrapper.thmx| | | 156,519| 08-Dec-2010| 07:49 \nmicrosoft.office.web.common.dll| microsoft.office.web.common.dll| 14.0.7102.5000| 1,145,536| 23-May-2013| 09:46 \nmicrosoft.office.web.common.intl.resources.dll_1033| microsoft.office.web.common.intl.resources.dll| 14.0.6015.1000| 22,400| 21-Dec-2010| 11:44 \nmicrosoft.office.web.csiwrapper.dll| microsoft.office.web.csiwrapper.dll| 14.0.7159.5000| 2,366,048| 03-Sep-2015| 11:45 \nmicrosoft.office.web.environment.sharepoint.dll| microsoft.office.web.environment.sharepoint.dll| 14.0.7130.5000| 858,808| 16-Jul-2014| 03:17 \nmicrosoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nmicrosoft.office.web.mobilewordviewer.dll| microsoft.office.web.mobilewordviewer.dll| 14.0.7160.5000| 117,440| 16-Sep-2015| 12:19 \nmicrosoft.office.web.nativeutils.dll| microsoft.office.web.nativeutils.dll| 14.0.7104.5000| 172,224| 26-Jun-2013| 05:09 \nmicrosoft.office.web.sandbox.dll| microsoft.office.web.sandbox.dll| 14.0.7008.1000| 126,576| 09-Jan-2013| 08:45 \nmimagehandler.ashx| mimagehandler.ashx| | 286| 12-Feb-2013| 10:30 \nmppt.aspx| mppt.aspx| | 568| 12-Feb-2013| 10:30 \nmpptbroadcast.aspx| mpptbroadcast.aspx| | 4,994| 12-Feb-2013| 10:32 \npowerpoint.aspx| powerpoint.aspx| | 2,840| 12-Feb-2013| 10:32 \npowerpointapplicationproperties.aspx| powerpointapplicationproperties.aspx| | 6,311| 12-Feb-2013| 10:30 \npowerpointbroadcasthostdisco.aspx| powerpointbroadcasthostdisco.aspx| | 1,364| 12-Feb-2013| 10:31 \npowerpointbroadcasthostwsdl.aspx| powerpointbroadcasthostwsdl.aspx| | 6,999| 12-Feb-2013| 10:31 \npowerpointbroadcasthost_1_0disco.aspx| powerpointbroadcasthost_1_0disco.aspx| | 1,372| 12-Feb-2013| 10:31 \npowerpointbroadcasthost_1_0wsdl.aspx| powerpointbroadcasthost_1_0wsdl.aspx| | 15,609| 12-Feb-2013| 10:32 \npowerpointframe.aspx| powerpointframe.aspx| | 2,019| 12-Feb-2013| 10:30 \npowerpointintl.js| | | 62,880| 08-Dec-2010| 08:03 \npowerpointintl.js_1033| powerpointintl.js| | 62,880| 08-Dec-2010| 08:03 \npowerpointservicemanage.aspx| powerpointservicemanage.aspx| | 6,391| 12-Feb-2013| 10:30 \nppt.autofademsgbg.png| | | 195| 03-Sep-2009| 04:01 \nppt.autofademsgbg.png_1033| autofademsgbg.png| | 195| 03-Sep-2009| 04:01 \nppt.blank.png| | | 89| 03-Sep-2009| 04:01 \nppt.blank.png_1033| blank.png| | 89| 03-Sep-2009| 04:01 \nppt.broadcastsitetemplate.default.aspx| default.aspx| | 3,329| 12-Feb-2013| 10:30 \nppt.cluster.css| | | 14,462| 08-Dec-2010| 04:41 \nppt.cluster.css_1033| powerpointimagecluster.css| | 14,462| 08-Dec-2010| 04:41 \nppt.conversion.cultures.office.odf| office.odf| 14.0.7130.5000| 4,300,456| 16-Jul-2014| 01:52 \nppt.edit.exp_pdf_server.dll| exp_pdf_server.dll| 14.0.7180.5000| 141,040| 15-Mar-2017| 01:26 \nppt.edit.exp_xps_server.dll| exp_xps_server.dll| 14.0.7180.5000| 82,672| 15-Mar-2017| 01:26 \nppt.edit.gfxserver.dll| gfxserver.dll| 14.0.7180.5000| 2,547,432| 15-Mar-2017| 01:32 \nppt.edit.microsoft.office.server.powerpoint.core.webedit.dll| microsoft.office.server.powerpoint.core.webedit.dll| 14.0.7152.5000| 103,080| 27-May-2015| 03:25 \nppt.edit.microsoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nppt.edit.msores.dll| msores.dll| 14.0.7109.5000| 72,524,480| 06-Sep-2013| 01:37 \nppt.edit.msoserver.dll| msoserver.dll| 14.0.7188.5000| 21,359,872| 24-Aug-2017| 07:47 \nppt.edit.msptls.dll| msptls.dll| 14.0.7164.5000| 1,199,296| 11-Nov-2015| 09:06 \nppt.edit.oartserver.dll| oartserver.dll| 14.0.7180.5000| 29,851,880| 15-Mar-2017| 02:20 \nppt.edit.ogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nppt.edit.ppserver.dll| ppserver.dll| 14.0.7188.5000| 6,842,056| 24-Aug-2017| 08:56 \nppt.edit.riched20.dll| riched20.dll| 14.0.7155.5000| 1,865,384| 16-Jul-2015| 09:29 \nppt.edit.wac_usp10.dll_0002| usp10.dll| 1.0626.7601.23883 (win7sp1_ldr.170803-0600)| 829,104| 27-Aug-2017| 09:08 \nppt.gkpowerpoint.dll| gkpowerpoint.dll| 14.0.7170.5000| 2,800,896| 18-May-2016| 06:13 \nppt.hdot.png| | | 125| 03-Sep-2009| 04:02 \nppt.hdot.png_1033| hdot.png| | 125| 03-Sep-2009| 04:02 \nppt.layoutthumbs.png| | | 7,524| 08-Dec-2010| 04:42 \nppt.layoutthumbs.png_1033| layoutthumbs.png| | 7,524| 08-Dec-2010| 04:42 \nppt.microsoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nppt.navtoolbarbg.png| | | 2,828| 03-Sep-2009| 04:02 \nppt.navtoolbarbg.png_1033| navtoolbarbg.png| | 2,828| 03-Sep-2009| 04:02 \nppt.office.exp_pdf_server.dll| exp_pdf_server.dll| 14.0.7180.5000| 141,040| 15-Mar-2017| 01:26 \nppt.office.exp_xps_server.dll| exp_xps_server.dll| 14.0.7180.5000| 82,672| 15-Mar-2017| 01:26 \nppt.office.gfxserver.dll| gfxserver.dll| 14.0.7180.5000| 2,547,432| 15-Mar-2017| 01:32 \nppt.office.msores.dll| msores.dll| 14.0.7109.5000| 72,524,480| 06-Sep-2013| 01:37 \nppt.office.msoserver.dll| msoserver.dll| 14.0.7188.5000| 21,359,872| 24-Aug-2017| 07:47 \nppt.office.msptls.dll| msptls.dll| 14.0.7164.5000| 1,199,296| 11-Nov-2015| 09:06 \nppt.office.oartserver.dll| oartserver.dll| 14.0.7180.5000| 29,851,880| 15-Mar-2017| 02:20 \nppt.office.ogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nppt.office.riched20.dll| riched20.dll| 14.0.7155.5000| 1,865,384| 16-Jul-2015| 09:29 \nppt.pat.png| | | 14,172| 18-Sep-2009| 07:59 \nppt.pat.png_1033| pat.png| | 14,172| 18-Sep-2009| 07:59 \nppt.peat.png| | | 558,856| 08-Dec-2010| 04:41 \nppt.pegal.png| | | 138,972| 03-Sep-2009| 04:03 \nppt.pegal.png_1033| pegal.png| | 138,972| 03-Sep-2009| 04:03 \nppt.per.png| | | 80,683| 08-Dec-2010| 04:45 \nppt.per.png_1033| per.png| | 80,683| 08-Dec-2010| 04:45 \nppt.phpreview.png| | | 1,311| 03-Sep-2009| 04:02 \nppt.phthumb.png| | | 367| 03-Sep-2009| 04:02 \nppt.ppserver.dll| ppserver.dll| 14.0.7188.5000| 6,842,056| 24-Aug-2017| 08:56 \nppt.pptbgx.png| | | 3,250| 03-Sep-2009| 04:03 \nppt.pptbgx.png_1033| pptbgx.png| | 3,250| 03-Sep-2009| 04:03 \nppt.ppteditorbggradient.png| | | 6,870| 03-Sep-2009| 04:02 \nppt.ppteditorbggradient.png_1033| ppteditorbggradient.png| | 6,870| 03-Sep-2009| 04:02 \nppt.pptviewerbggradient.png| | | 5,239| 03-Sep-2009| 04:02 \nppt.pptviewerbggradient.png_1033| pptviewerbggradient.png| | 5,239| 03-Sep-2009| 04:02 \nppt.pptviewernotesgradient.png| | | 2,813| 03-Sep-2009| 04:02 \nppt.pptviewernotesgradient.png_1033| pptviewernotesgradient.png| | 2,813| 03-Sep-2009| 04:02 \nppt.prt.png| | | 46,686| 08-Dec-2010| 04:45 \nppt.prt.png_1033| prt.png| | 46,686| 08-Dec-2010| 04:45 \nppt.rbgbbg.png| | | 173| 03-Sep-2009| 04:02 \nppt.rbgbbg.png_1033| rbgbbg.png| | 173| 03-Sep-2009| 04:02 \nppt.rbgrpbdr.png| | | 172| 03-Sep-2009| 04:02 \nppt.rbgrpbdr.png_1033| rbgrpbdr.png| | 172| 03-Sep-2009| 04:02 \nppt.ribbonbg.png| | | 3,052| 03-Sep-2009| 04:02 \nppt.ribbonbg.png_1033| ribbonbg.png| | 3,052| 03-Sep-2009| 04:02 \nppt.rmgrad16.png| | | 116| 18-Sep-2009| 07:58 \nppt.rmgrad16.png_1033| rmgrad16.png| | 116| 18-Sep-2009| 07:58 \nppt.rmgrad16rtl.png| | | 114| 18-Sep-2009| 07:58 \nppt.rmgrad16rtl.png_1033| rmgrad16rtl.png| | 114| 18-Sep-2009| 07:58 \nppt.rsempty.gif| | | 226| 03-Sep-2009| 04:02 \nppt.rsfull.gif| | | 342| 03-Sep-2009| 04:02 \nppt.rshalf.gif| | | 341| 03-Sep-2009| 04:02 \nppt.search.png| | | 3,369| 03-Sep-2009| 04:02 \nppt.slidemenusectionnormalbg| | | 2,815| 03-Sep-2009| 04:02 \nppt.slidemenusectionnormalbg_1033| slidemenusectionnormalbg.png| | 2,815| 03-Sep-2009| 04:02 \nppt.slidemenusectionselectedbg| | | 2,822| 03-Sep-2009| 04:02 \nppt.slidemenusectionselectedbg_1033| slidemenusectionselectedbg.png| | 2,822| 03-Sep-2009| 04:02 \nppt.slideshownext| | | 3,090| 03-Sep-2009| 04:02 \nppt.slideshownext_1033| slideshownext.png| | 3,090| 03-Sep-2009| 04:02 \nppt.slideshowprev| | | 3,079| 03-Sep-2009| 04:02 \nppt.slideshowprev_1033| slideshowprev.png| | 3,079| 03-Sep-2009| 04:02 \nppt.stylesedit.css| | | 26,470| 22-Dec-2010| 01:09 \nppt.stylesedit.css_1033| stylesedit.css| | 26,470| 22-Dec-2010| 01:09 \nppt.stylesread.css| | | 20,876| 22-Dec-2010| 01:09 \nppt.stylesread.css_1033| stylesread.css| | 20,876| 22-Dec-2010| 01:09 \nppt.stylesview.css| | | 19,715| 22-Dec-2010| 01:09 \nppt.stylesview.css_1033| stylesview.css| | 19,715| 22-Dec-2010| 01:09 \nppt.tabfade.png| | | 132| 03-Sep-2009| 04:02 \nppt.tabfade.png_1033| tabfade.png| | 132| 03-Sep-2009| 04:02 \nppt.toolbarbg.png| | | 3,078| 03-Sep-2009| 04:02 \nppt.toolbarbg.png_1033| toolbarbg.png| | 3,078| 03-Sep-2009| 04:02 \nppt.usp10.dll| usp10.dll| 1.0626.7601.23883 (win7sp1_ldr.170803-0600)| 829,104| 27-Aug-2017| 09:08 \nppt.vdot.png| | | 138| 03-Sep-2009| 04:02 \nppt.vdot.png_1033| vdot.png| | 138| 03-Sep-2009| 04:02 \nppt.webconversion.dll| microsoft.office.server.powerpoint.core.webconversion.dll| 14.0.7152.5000| 105,640| 27-May-2015| 03:25 \npresentdisco.aspx| presentdisco.aspx| | 1,332| 12-Feb-2013| 10:32 \npresentwsdl.aspx| presentwsdl.aspx| | 10,911| 12-Feb-2013| 10:32 \nprinthandler.ashx| | | 207| 08-Dec-2010| 08:01 \nwac.autocorrectlist.1039.js| | | 8,184| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1069.js| | | 3,546| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1087.js| | | 21,351| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1094.js| | | 4,755| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1095.js| | | 42,432| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1097.js| | | 10,257| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1098.js| | | 61,965| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1099.js| | | 28,188| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1102.js| | | 43,095| 12-Nov-2010| 11:50 \nwac.autocorrectlist.1106.js| | | 18,009| 12-Nov-2010| 11:50 \nwac.autocorrectlist.2068.js| | | 7,330| 12-Nov-2010| 11:50 \nwac.autocorrectlist.2074.js| | | 19,244| 12-Nov-2010| 11:50 \nwac.autocorrectlist.2108.js| | | 8,664| 12-Nov-2010| 11:50 \nwac.box4.js| box4.js| | 1,586,305| 12-Feb-2014| 07:06 \nwac.commonui.intl.images.dialogtitle.png_1033| dialogtitle.png| | 2,823| 03-Sep-2009| 04:01 \nwac.commonui.intl.images.favicon_onenote.ico_1033| favicon_onenote.ico| | 3,918| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.favicon_ppt.ico_1033| favicon_ppt.ico| | 3,918| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.favicon_word.ico_1033| favicon_word.ico| | 3,918| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.leftcontentside.png_1033| leftcontentside.png| | 457| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.progress.gif_1033| progress.gif| | 644| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.progress16.gif_1033| progress16.gif| | 473| 03-Sep-2009| 04:02 \nwac.commonui.intl.images.rightcontentside.png_1033| rightcontentside.png| | 424| 03-Sep-2009| 04:02 \nwac.conversion.cultures.office.odf| office.odf| 14.0.7130.5000| 4,300,456| 16-Jul-2014| 01:52 \nwac.conversion.proof.mshy2_ct.dll| mshy7ct.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_cz.dll| mshy7cz.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_da.dll| mshy7da.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_en.dll| mshy7en.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_en.lex| mshy7en.lex| 14.0.7001.1000| 475,648| 23-Aug-2012| 08:45 \nwac.conversion.proof.mshy2_es.dll| mshy7es.dll| 14.0.7005.1000| 224,360| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_fr.dll| mshy7fr.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_ge.dll| mshy7ge.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_it.dll| mshy7it.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_nb.dll| mshy7nb.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_nl.dll| mshy7nl.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_no.dll| mshy7no.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_pb.dll| mshy7pb.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_pl.dll| mshy7pl.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_pt.dll| mshy7pt.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_ru.dll| mshy7ru.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_sw.dll| mshy7sw.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.conversion.proof.mshy2_tr.dll| mshy7tr.dll| 14.0.7005.1000| 224,376| 31-Oct-2012| 07:46 \nwac.createnewdocument.aspx| createnewdocument.aspx| | 4,043| 12-Feb-2013| 10:19 \nwac.external.cui.js| cui.js| | 352,107| 31-Jan-2014| 07:14 \nwac.intl.box4intl.js_1033| box4intl.js| | 54,846| 22-Dec-2010| 12:56 \nwac.intl.commonintl.js_1033| commonintl.js| | 36,727| 21-Nov-2012| 05:00 \nwac.intl.cui.css_1033| cui.css| | 37,474| 21-Nov-2012| 01:02 \nwac.intl.cuioverride.css_1033| cuioverride.css| | 936| 21-Dec-2010| 11:26 \nwac.intl.cuitoolbar.css_1033| cuitoolbar.css| | 16,941| 21-Nov-2012| 01:02 \nwac.intl.debug.css_1033| debug.css| | 1,805| 03-Sep-2009| 08:51 \nwac.intl.editsurface.css_1033| editsurface.css| | 1,067| 08-Dec-2010| 06:52 \nwac.intl.frame.css_1033| frame.css| | 9,878| 08-Dec-2010| 06:26 \nwac.intl.onenote.css_1033| onenote.css| | 23,040| 08-Dec-2010| 06:52 \nwac.intl.rbgbbg.png_1033| rbgbbg.png| | 173| 03-Sep-2009| 04:02 \nwac.intl.rbgrpbdr.png_1033| rbgrpbdr.png| | 172| 03-Sep-2009| 04:02 \nwac.intl.ribbonbg.png_1033| ribbonbg.png| | 3,052| 03-Sep-2009| 04:02 \nwac.intl.rmgrad16.png_1033| rmgrad16.png| | 116| 18-Sep-2009| 07:58 \nwac.intl.rmgrad16rtl.png_1033| rmgrad16rtl.png| | 114| 18-Sep-2009| 07:58 \nwac.intl.tabfade.png_1033| tabfade.png| | 132| 03-Sep-2009| 04:02 \nwac.intl.toolbarbg.png_1033| toolbarbg.png| | 3,078| 03-Sep-2009| 04:02 \nwac.intl.word.css_1033| word.css| | 9,417| 08-Dec-2010| 06:52 \nwac.intl.wordviewerintl.js_1033| wac.intl.wordviewerintl.js_1033|wordviewerintl.js| | 6,184| 22-Dec-2010| 12:57 \nwac.livebooks.images.intl.activesectgradient.png_1033| activesectgradient.png| | 164| 03-Sep-2009| 04:01 \nwac.livebooks.images.intl.blank.png_1033| blank10x10.gif| | 49| 03-Sep-2009| 04:01 \nwac.livebooks.images.intl.columnselect.cur_1033| columnselect.cur| | 2,238| 03-Sep-2009| 04:01 \nwac.livebooks.images.intl.grabby.png_1033| grabby.png| | 112| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.navigationpanegradient.png_1033| navigationpanegradient.png| | 2,808| 22-Sep-2009| 03:56 \nwac.livebooks.images.intl.navigationpanegradient_rtl.png_1033| navigationpanegradient_rtl.png| | 2,824| 22-Sep-2009| 03:56 \nwac.livebooks.images.intl.phpreview.png_1033| phpreview.png| | 1,311| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.phthumb.png_1033| phthumb.png| | 367| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.resize.png_1033| resize.png| | 2,895| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.rsempty.gif_1033| rsempty.gif| | 226| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.rsfull.gif_1033| rsfull.gif| | 342| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.rshalf.gif_1033| rshalf.gif| | 341| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.search.png_1033| search.png| | 3,369| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.sectiongroupexithoverhs.png_1033| sectiongroupexithoverhs.png| | 270| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.sectiongroupexiths.png_1033| sectiongroupexiths.png| | 268| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.sectiongrouphs.png_1033| sectiongrouphs.png| | 488| 03-Sep-2009| 04:02 \nwac.livebooks.images.intl.squiggly.gif_1033| squiggly.gif| | 55| 03-Sep-2009| 04:02 \nwac.livebooks.notetags.intl.100_16_n.png_1033| 100_16_n.png| | 421| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.101_16_n.png_1033| 101_16_n.png| | 417| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.102_16_n.png_1033| 102_16_n.png| | 425| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.103_16_n.png_1033| 103_16_n.png| | 428| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.104_16_n.png_1033| 104_16_n.png| | 415| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.105_16_n.png_1033| 105_16_n.png| | 428| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.106_16_n.png_1033| 106_16_n.png| | 460| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.107_16_n.png_1033| 107_16_n.png| | 638| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.108_16_n.png_1033| 108_16_n.png| | 733| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.109_16_n.png_1033| 109_16_n.png| | 660| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.10_16_m.png_1033| 10_16_m.png| | 29,965| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.10_16_n.png_1033| 10_16_n.png| | 574| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.110_16_n.png_1033| 110_16_n.png| | 1,031| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.111_16_n.png_1033| 111_16_n.png| | 881| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.112_16_n.png_1033| 112_16_n.png| | 473| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.113_16_n.png_1033| 113_16_n.png| | 1,016| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.114_16_n.png_1033| 114_16_n.png| | 750| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.115_16_n.png_1033| 115_16_n.png| | 781| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.116_16_n.png_1033| 116_16_n.png| | 740| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.117_16_n.png_1033| 117_16_n.png| | 638| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.118_16_n.png_1033| 118_16_n.png| | 703| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.119_16_n.png_1033| 119_16_n.png| | 636| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.11_16_m.png_1033| 11_16_m.png| | 29,973| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.11_16_n.png_1033| 11_16_n.png| | 563| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.120_16_n.png_1033| 120_16_n.png| | 912| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.121_16_n.png_1033| 121_16_n.png| | 652| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.122_16_n.png_1033| 122_16_n.png| | 674| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.123_16_n.png_1033| 123_16_n.png| | 723| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.124_16_n.png_1033| 124_16_n.png| | 903| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.125_16_n.png_1033| 125_16_n.png| | 997| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.126_16_n.png_1033| 126_16_n.png| | 876| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.127_16_n.png_1033| 127_16_n.png| | 722| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.128_16_n.png_1033| 128_16_n.png| | 539| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.129_16_n.png_1033| 129_16_n.png| | 773| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.12_16_m.png_1033| 12_16_m.png| | 29,967| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.12_16_n.png_1033| 12_16_n.png| | 562| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.130_16_n.png_1033| 130_16_n.png| | 648| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.131_16_n.png_1033| 131_16_n.png| | 732| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.132_16_n.png_1033| 132_16_n.png| | 796| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.133_16_n.png_1033| 133_16_n.png| | 879| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.134_16_n.png_1033| 134_16_n.png| | 471| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.135_16_n.png_1033| 135_16_n.png| | 906| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.136_16_n.png_1033| 136_16_n.png| | 592| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.137_16_n.png_1033| 137_16_n.png| | 679| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.138_16_n.png_1033| 138_16_n.png| | 761| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.139_16_n.png_1033| 139_16_n.png| | 806| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.13_16_n.png_1033| 13_16_n.png| | 666| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.140_16_n.png_1033| 140_16_n.png| | 800| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.141_16_n.png_1033| 141_16_n.png| | 864| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.142_16_n.png_1033| 142_16_n.png| | 850| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.143_16_n.png_1033| 143_16_n.png| | 844| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.14_16_n.png_1033| 14_16_n.png| | 752| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.15_16_n.png_1033| 15_16_n.png| | 627| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.16_16_n.png_1033| 16_16_n.png| | 614| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.17_16_n.png_1033| 17_16_n.png| | 459| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.18_16_n.png_1033| 18_16_n.png| | 676| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.19_16_n.png_1033| 19_16_n.png| | 779| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.1_16_m.png_1033| 1_16_m.png| | 29,068| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.1_16_n.png_1033| 1_16_n.png| | 377| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.20_16_n.png_1033| 20_16_n.png| | 828| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.21_16_n.png_1033| 21_16_n.png| | 597| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.22_16_n.png_1033| 22_16_n.png| | 783| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.23_16_n.png_1033| 23_16_n.png| | 662| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.24_16_n.png_1033| 24_16_n.png| | 882| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.25_16_n.png_1033| 25_16_n.png| | 1,001| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.26_16_n.png_1033| 26_16_n.png| | 905| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.27_16_n.png_1033| 27_16_n.png| | 674| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.28_16_m.png_1033| 28_16_m.png| | 29,708| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.28_16_n.png_1033| 28_16_n.png| | 28,434| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.29_16_n.png_1033| 29_16_n.png| | 908| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.2_16_m.png_1033| 2_16_m.png| | 29,004| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.2_16_n.png_1033| 2_16_n.png| | 360| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.30_16_m.png_1033| 30_16_m.png| | 29,705| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.30_16_n.png_1033| 30_16_n.png| | 28,439| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.31_16_n.png_1033| 31_16_n.png| | 948| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.32_16_m.png_1033| 32_16_m.png| | 29,705| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.32_16_n.png_1033| 32_16_n.png| | 28,256| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.33_16_n.png_1033| 33_16_n.png| | 954| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.34_16_n.png_1033| 34_16_n.png| | 597| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.35_16_n.png_1033| 35_16_n.png| | 516| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.36_16_n.png_1033| 36_16_n.png| | 900| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.37_16_n.png_1033| 37_16_n.png| | 691| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.38_16_n.png_1033| 38_16_n.png| | 639| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.39_16_n.png_1033| 39_16_n.png| | 963| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.3_16_m.png_1033| 3_16_m.png| | 29,058| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.3_16_n.png_1033| 3_16_n.png| | 373| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.40_16_n.png_1033| 40_16_n.png| | 659| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.41_16_n.png_1033| 41_16_n.png| | 721| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.42_16_n.png_1033| 42_16_n.png| | 888| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.43_16_n.png_1033| 43_16_n.png| | 704| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.44_16_n.png_1033| 44_16_n.png| | 814| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.45_16_n.png_1033| 45_16_n.png| | 674| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.46_16_n.png_1033| 46_16_n.png| | 695| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.47_16_n.png_1033| 47_16_n.png| | 598| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.48_16_m.png_1033| 48_16_m.png| | 30,562| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.48_16_n.png_1033| 48_16_n.png| | 28,399| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.49_16_n.png_1033| 49_16_n.png| | 929| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.4_16_m.png_1033| 4_16_m.png| | 28,378| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.4_16_n.png_1033| 4_16_n.png| | 655| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.50_16_m.png_1033| 50_16_m.png| | 29,653| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.50_16_n.png_1033| 50_16_n.png| | 29,385| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.51_16_n.png_1033| 51_16_n.png| | 963| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.52_16_m.png_1033| 52_16_m.png| | 29,346| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.52_16_n.png_1033| 52_16_n.png| | 27,412| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.53_16_n.png_1033| 53_16_n.png| | 966| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.54_16_n.png_1033| 54_16_n.png| | 612| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.55_16_n.png_1033| 55_16_n.png| | 514| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.56_16_n.png_1033| 56_16_n.png| | 903| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.57_16_n.png_1033| 57_16_n.png| | 707| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.58_16_n.png_1033| 58_16_n.png| | 649| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.59_16_n.png_1033| 59_16_n.png| | 613| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.5_16_m.png_1033| 5_16_m.png| | 29,375| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.5_16_n.png_1033| 5_16_n.png| | 650| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.60_16_n.png_1033| 60_16_n.png| | 959| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.61_16_n.png_1033| 61_16_n.png| | 658| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.62_16_n.png_1033| 62_16_n.png| | 730| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.63_16_n.png_1033| 63_16_n.png| | 900| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.64_16_n.png_1033| 64_16_n.png| | 692| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.65_16_n.png_1033| 65_16_n.png| | 818| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.66_16_n.png_1033| 66_16_n.png| | 683| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.67_16_n.png_1033| 67_16_n.png| | 670| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.68_16_n.png_1033| 68_16_n.png| | 560| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.69_16_m.png_1033| 69_16_m.png| | 28,850| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.69_16_n.png_1033| 69_16_n.png| | 27,540| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.6_16_m.png_1033| 6_16_m.png| | 28,394| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.6_16_n.png_1033| 6_16_n.png| | 655| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.70_16_n.png_1033| 70_16_n.png| | 883| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.71_16_m.png_1033| 71_16_m.png| | 28,881| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.71_16_n.png_1033| 71_16_n.png| | 27,547| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.72_16_n.png_1033| 72_16_n.png| | 916| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.73_16_m.png_1033| 73_16_m.png| | 30,745| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.73_16_n.png_1033| 73_16_n.png| | 27,537| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.74_16_n.png_1033| 74_16_n.png| | 920| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.75_16_n.png_1033| 75_16_n.png| | 618| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.76_16_n.png_1033| 76_16_n.png| | 510| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.77_16_n.png_1033| 77_16_n.png| | 865| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.78_16_n.png_1033| 78_16_n.png| | 687| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.79_16_n.png_1033| 79_16_n.png| | 636| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.7_16_m.png_1033| 7_16_m.png| | 29,200| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.7_16_n.png_1033| 7_16_n.png| | 574| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.80_16_n.png_1033| 80_16_n.png| | 598| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.81_16_n.png_1033| 81_16_n.png| | 923| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.82_16_n.png_1033| 82_16_n.png| | 705| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.83_16_n.png_1033| 83_16_n.png| | 894| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.84_16_n.png_1033| 84_16_n.png| | 673| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.85_16_n.png_1033| 85_16_n.png| | 796| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.86_16_n.png_1033| 86_16_n.png| | 659| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.87_16_n.png_1033| 87_16_n.png| | 704| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.88_16_n.png_1033| 88_16_n.png| | 611| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.89_16_m.png_1033| 89_16_m.png| | 436| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.89_16_n.png_1033| 89_16_n.png| | 660| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.8_16_m.png_1033| 8_16_m.png| | 29,676| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.8_16_n.png_1033| 8_16_n.png| | 570| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.90_16_m.png_1033| 90_16_m.png| | 436| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.90_16_n.png_1033| 90_16_n.png| | 672| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.91_16_m.png_1033| 91_16_m.png| | 436| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.91_16_n.png_1033| 91_16_n.png| | 669| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.92_16_m.png_1033| 92_16_m.png| | 436| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.92_16_n.png_1033| 92_16_n.png| | 669| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.93_16_m.png_1033| 93_16_m.png| | 436| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.93_16_n.png_1033| 93_16_n.png| | 669| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.94_16_m.png_1033| 94_16_m.png| | 30,297| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.94_16_n.png_1033| 94_16_n.png| | 689| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.95_16_m.png_1033| 95_16_m.png| | 28,554| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.95_16_n.png_1033| 95_16_n.png| | 701| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.96_16_m.png_1033| 96_16_m.png| | 28,548| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.96_16_n.png_1033| 96_16_n.png| | 701| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.97_16_m.png_1033| 97_16_m.png| | 29,701| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.97_16_n.png_1033| 97_16_n.png| | 643| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.98_16_m.png_1033| 98_16_m.png| | 29,375| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.98_16_n.png_1033| 98_16_n.png| | 650| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.99_16_m.png_1033| 99_16_m.png| | 29,675| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.99_16_n.png_1033| 99_16_n.png| | 646| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.9_16_m.png_1033| 9_16_m.png| | 29,957| 03-Sep-2009| 04:01 \nwac.livebooks.notetags.intl.9_16_n.png_1033| 9_16_n.png| | 572| 03-Sep-2009| 04:01 \nwac.livebooks.ribbon.cui.css_1033| cui.css| | 37,474| 21-Nov-2012| 01:02 \nwac.livebooks.ribbon.cuioverride.css_1033| cuioverride.css| | 936| 21-Dec-2010| 11:26 \nwac.livebooks.ribbon.one.png_1033| one.png| | 105,491| 08-Dec-2010| 04:43 \nwac.livebooks.ribbon.onenotebgx.png_1033| onenotebgx.png| | 3,161| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.on_cluster.css_1033| on_cluster.css| | 7,637| 08-Dec-2010| 04:41 \nwac.livebooks.ribbon.rbgbbg.png_1033| rbgbbg.png| | 173| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.rbgrpbdr.png_1033| rbgrpbdr.png| | 172| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.ribbonbg.png_1033| ribbonbg.png| | 3,052| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.rmgrad16.png_1033| rmgrad16.png| | 116| 18-Sep-2009| 07:58 \nwac.livebooks.ribbon.rmgrad16rtl.png_1033| rmgrad16rtl.png| | 114| 18-Sep-2009| 07:58 \nwac.livebooks.ribbon.selectedbg.png_1033| selectedbg.png| | 195| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.tabfade.png_1033| tabfade.png| | 132| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.toolbarbg.png_1033| toolbarbg.png| | 3,078| 03-Sep-2009| 04:02 \nwac.livebooks.ribbon.we.png_1033| we.png| | 85,501| 08-Dec-2010| 04:45 \nwac.livebooks.ribbon.we_cluster.css_1033| we_cluster.css| | 5,536| 08-Dec-2010| 04:41 \nwac.livebooks.ribbon.wordbgx.png_1033| wordbgx.png| | 3,438| 03-Sep-2009| 04:04 \nwac.microsoft.office.web.environment.sharepoint.uls.native.dll| microsoft.office.web.environment.sharepoint.uls.native.dll| 14.0.7011.1000| 454,336| 06-Mar-2013| 04:02 \nwac.office.exp_pdf_server.dll| exp_pdf_server.dll| 14.0.7180.5000| 141,040| 15-Mar-2017| 01:26 \nwac.office.exp_xps_server.dll| exp_xps_server.dll| 14.0.7180.5000| 82,672| 15-Mar-2017| 01:26 \nwac.office.gfxserver.dll| gfxserver.dll| 14.0.7180.5000| 2,547,432| 15-Mar-2017| 01:32 \nwac.office.msores.dll| msores.dll| 14.0.7109.5000| 72,524,480| 06-Sep-2013| 01:37 \nwac.office.msoserver.dll| msoserver.dll| 14.0.7188.5000| 21,359,872| 24-Aug-2017| 07:47 \nwac.office.msptls.dll| msptls.dll| 14.0.7164.5000| 1,199,296| 11-Nov-2015| 09:06 \nwac.office.oartserver.dll| oartserver.dll| 14.0.7180.5000| 29,851,880| 15-Mar-2017| 02:20 \nwac.office.ogl.dll| ogl.dll| 14.0.7188.5000| 2,116,312| 26-Aug-2017| 01:01 \nwac.office.onenoteserverutil.dll| onenoteserverutil.dll|onsrvu.dll| 14.0.7166.5000| 2,457,352| 12-Jan-2016| 07:24 \nwac.office.riched20.dll| riched20.dll| 14.0.7155.5000| 1,865,384| 16-Jul-2015| 09:29 \nwac.onenote.aspx| onenote.aspx| | 2,181| 12-Feb-2013| 10:19 \nwac.onenoteframe.aspx| onenoteframe.aspx| | 1,133| 12-Feb-2013| 10:19 \nwac.powerpoint.edit.bin.cultures.office.odf| office.odf| 14.0.7130.5000| 4,300,456| 16-Jul-2014| 01:52 \nwac.rsx_1033| wac.en-us.resx| | 15,766| 22-Dec-2010| 12:53 \nwac.webservice.wacofficeonlineproxy.ashx| | | 199| 08-Dec-2010| 06:26 \nwac.word.gkword.dll| gkword.dll| 14.0.7170.5000| 3,205,376| 18-May-2016| 06:13 \nwac.word.sword.dll| sword.dll| 14.0.7182.5000| 7,566,040| 03-Jun-2017| 05:33 \nwac.word.wacword.dll| wacword.dll| 14.0.7162.5000| 61,120| 14-Oct-2015| 05:03 \nwac.wordeditor.aspx| wordeditor.aspx| | 2,177| 12-Feb-2013| 10:19 \nwac.wordeditorframe.aspx| wordeditorframe.aspx| | 1,153| 12-Feb-2013| 10:19 \nwac.wordviewer.images.intl.bggradient.png_1033| bggradient.png| | 6,137| 03-Sep-2009| 04:01 \nwac.wordviewer.images.intl.toolbarbg.png_1033| toolbarbg.png| | 3,078| 03-Sep-2009| 04:02 \nwac.wordviewer.ribbon.cuioverride.css_1033| cuioverride.css| | 936| 21-Dec-2010| 11:26 \nwac.wordviewer.ribbon.cuitoolbar.css_1033| cuitoolbar.css| | 16,941| 21-Nov-2012| 01:02 \nwac.wordviewer.ribbon.ribbonbg.png_1033| ribbonbg.png| | 3,052| 03-Sep-2009| 04:02 \nwac.wordviewer.ribbon.rmgrad16.png_1033| rmgrad16.png| | 116| 18-Sep-2009| 07:58 \nwac.wordviewer.ribbon.rmgrad16rtl.png_1033| rmgrad16rtl.png| | 114| 18-Sep-2009| 07:58 \nwac.wordviewer.ribbon.selectedbg.png_1033| selectedbg.png| | 195| 03-Sep-2009| 04:02 \nwac.wordviewer.ribbon.wordbgx.png_1033| wordbgx.png| | 3,438| 03-Sep-2009| 04:04 \nwac.wordviewer.ribbon.wv.png_1033| wv.png| | 45,455| 08-Dec-2010| 04:45 \nwac.wordviewer.ribbon.wv_cluster.css_1033| wv_cluster.css| | 2,610| 08-Dec-2010| 04:41 \nwaccore.resx_1033| waccore.en-us.resx| | 15,766| 22-Dec-2010| 12:53 \nwac_usp10.dll_0002| usp10.dll| 1.0626.7601.23883 (win7sp1_ldr.170803-0600)| 829,104| 27-Aug-2017| 09:08 \nwordviewer.mobilewordviewer.aspx| mword.aspx| | 497| 12-Feb-2013| 10:19 \nwordviewer.wordviewer.aspx| wordviewer.aspx| | 2,375| 12-Feb-2013| 10:19 \nwordviewer.wordviewer.css_1033| wordviewer.css| | 7,314| 07-Nov-2009| 10:52 \nwordviewer.wordviewerframe.aspx| wordviewerframe.aspx| | 1,139| 12-Feb-2013| 10:19 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on SharePoint: [SharePoint User Voice portal](<http://sharepoint.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for SharePoint Server 2010 Office Web Apps: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8696", "CVE-2017-8742"], "modified": "2017-09-12T07:00:00", "id": "KB3213632", "href": "https://support.microsoft.com/en-us/help/3213632", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:16:23", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>). \n \n**Note** To apply this security update, you must have the release version of SharePoint Server 2016 installed on the computer.This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:\n\n * SharePoint Framework (SPFx)\nThis public update also delivers all the features previously included in Feature Pack 1 for SharePoint Server 2016, including:\n * Administrative Actions Logging\n * MinRole enhancements\n * SharePoint Custom Tiles\n * Hybrid Auditing (preview)\n * Hybrid Taxonomy\n * OneDrive API for SharePoint on-premises\n * OneDrive for Business modern experience (available to Software Assurance customers)\nThe OneDrive for Business modern user experience requires an active Software Assurance contract at the time that it is enabled, either by installation of the public update or by manual enablement. If you don't have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.For more information, see [New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1)](<https://go.microsoft.com/fwlink/?linkid=832679>) and [New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2)](<https://go.microsoft.com/fwlink/?linkid=856819>).\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for SharePoint Server 2016: \n\n\n * Reduce the memory usage for dictionary compilation.\n * You can't access a content type hub after the Hybrid Content Type feature is enabled.\n * After you edit the recurrence count of an event series of a SharePoint calendar list, event ID 5214 is logged in the Application Event Log.\n * You can now create and deploy Client-Side Web Parts to SharePoint On-Premises sites.\n * Translate some terms in multiple languages to make sure that the meaning is accurate.\n * Multiple properties in Microsoft Identity Manager (MIM) can't be updated at a same time by using existing update mechanisms. For example, the Assistant and Manager properties can't be updated at a same time.\n * Custom properties of documents can now be mapped in the search schema. This update also increases PDF compatibility when indexing.\n * In a trusted Security Assertion Markup Language (SAML) configuration, Office Web Apps Server flows and other OAuth-based flows don't work when certain claims aren't available in the token. For example, when you sign in to a web application that uses AD FS authentication, you can't open a file for which you have permissions granted through an AD security group membership in the browser (Office Web Apps Server Server).\n * If a page doesn't have a published version, the variation page creates a page that has version \"1.511\" rather than the expected version of \"0.1\" in the target labels.\n * You can't access the SharePoint Admin site after you create a farm.\n * When you select to show more posts on MySite host, some feeds may be missing.\n * In a multi-tenant configuration, the People Picker will respect the tenant (subscription) property (UserAccountDirectoryPath) for search and resolve operations. Therefore, the resolve operation will not find a user in another organization unit.\n * Farm administrators can now add and remove other users from the User Profile Service Application administration.\n * When you try to upload files to a folder that has Swedish characters, you receive the following error message:\n\nSorry, something went wrong. The file or folder name \"_FolderName_\" contains invalid characters. Please use a different name.\n\nThis security update contains improvements and fixes for Project Server 2016:\n * Consider the following scenario: \n\n * You create a Gantt Chart format and then select to display at least one of the custom duration bars.\n * You edit a Project view and then set the Gantt Chart format to one that has custom duration bars.\n * You edit a project in Project Web App.\n * You apply the project view.\nIn this situation, the view doesn't load, and you receive the following error message:\n\nThe view failed to load. Press OK to reload this view with the default settings. Press Cancel to select another view.\n\n * When you edit a task and select the **Show More** button, the focus isn't set on the first uncovered field.\n * When you call the GetTimePhase method on the StatusAssignmentCollection that's exposed on an EnterpriseResource object in CSOM, the Status Broker permission is ignored.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011127>) website.\n\n### Method 2: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011127 for the 64-bit version of SharePoint Server 2016](<http://www.microsoft.com/download/details.aspx?familyid=1ec584bc-9f3d-409f-9a4b-8a5757932eea>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nsts2016-kb4011127-fullfile-x64-glb.exe| 8999E93063FD45B9674BA9DCC884659FDE90487D| 12739D0B8BE3A26AAF2B08F6304B93D7FCBF6258B7780A4880CD8470F6D2BF1D \n \n### File information\n\nFor the list of files that cumulative update 4011127 contains, download the [file information for update 4011127](<http://download.microsoft.com/download/9/f/b/9fb0d346-03f7-4b9b-84bd-1a95a005432f/4011127.csv>).\n\n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for SharePoint Server 2016: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8742", "CVE-2017-8743"], "modified": "2017-09-12T07:00:00", "id": "KB4011127", "href": "https://support.microsoft.com/en-us/help/4011127", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:05:55", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>). \n \n**Note** To apply this security update, you must have the release version of PowerPoint 2016 installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issues:\n\n * Improve the print quality of gradient files in printed PowerPoint 2016 documents.\n * When you copy and paste a shape programmatically (using the PasteSpecial method) into a presentation in PowerPoint 2016, the shape isn't pasted as expected. For example, the shape may appear on an incorrect slide. Alternatively, another shape may take on unexpected formatting.\n * When programmatically pasting slides from one presentation into another, slide placeholders are not placed in the proper position on the slide.\n * When you try to open a password-protected document that has already been opened by another user in PowerPoint 2016, you don't receive a notification that informs the document is being opened as read-only.\n * After you change embedded objects during slide show in PowerPoint 2016, PowerPoint 2016 does not prompt to save changes.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011041>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011041 for the 32-bit version of PowerPoint 2016](<http://www.microsoft.com/download/details.aspx?familyid=4934a0db-f0a7-48cd-a6a6-9d2899a0494b>)\n * [Download the security update KB4011041 for the 64-bit version of PowerPoint 2016](<http://www.microsoft.com/download/details.aspx?familyid=52d9987c-046e-4011-838b-0f869b22239f>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB3114518](<http://support.microsoft.com/kb/3114518>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \npowerpoint2016-kb4011041-fullfile-x86-glb.exe| 4C556BD059029FD61F1B87DE5FE38A49FDEAC56C| 204B8711CF38E9C1F45633410EAE949BBA732B760EB2861DABCBCE18FB17C830 \npowerpoint2016-kb4011041-fullfile-x64-glb.exe| C234DAA888F652F7A2789867B94569154B58D6EC| 098AB80F04941877143492D398BA380E67F16E1E6016F2575F1D500E6D94EC59 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.For all supported x86-based versions of PowerPoint 2016| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nppintl.dll_1025| ppintl.dll| 16.0.4519.1000| 1224400| 16-Aug-17| 12:52 \nppintl.dll_1026| ppintl.dll| 16.0.4519.1000| 1234640| 16-Aug-17| 12:52 \nppintl.dll_1029| ppintl.dll| 16.0.4519.1000| 1244368| 16-Aug-17| 12:52 \nppintl.dll_1030| ppintl.dll| 16.0.4519.1000| 1223376| 16-Aug-17| 12:52 \nppintl.dll_1031| ppintl.dll| 16.0.4519.1000| 1247952| 16-Aug-17| 12:52 \nppintl.dll_1032| ppintl.dll| 16.0.4519.1000| 1254096| 16-Aug-17| 12:52 \nppintl.dll_3082| ppintl.dll| 16.0.4519.1000| 1232080| 16-Aug-17| 12:52 \nppintl.dll_1061| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:52 \nppintl.dll_1035| ppintl.dll| 16.0.4519.1000| 1222864| 16-Aug-17| 12:53 \nppintl.dll_1036| ppintl.dll| 16.0.4519.1000| 1243856| 16-Aug-17| 12:53 \nppintl.dll_1037| ppintl.dll| 16.0.4519.1000| 1205464| 16-Aug-17| 12:53 \nppintl.dll_1081| ppintl.dll| 16.0.4519.1000| 1248472| 16-Aug-17| 12:53 \nppintl.dll_1050| ppintl.dll| 16.0.4519.1000| 1225424| 16-Aug-17| 12:53 \nppintl.dll_1038| ppintl.dll| 16.0.4519.1000| 1243856| 16-Aug-17| 12:53 \nppintl.dll_1057| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:53 \nppintl.dll_1040| ppintl.dll| 16.0.4519.1000| 1227992| 16-Aug-17| 12:53 \nppintl.dll_1041| ppintl.dll| 16.0.4519.1000| 1240784| 16-Aug-17| 12:52 \nppintl.dll_1087| ppintl.dll| 16.0.4519.1000| 1251024| 16-Aug-17| 12:53 \nppintl.dll_1042| ppintl.dll| 16.0.4549.1000| 1230552| 16-Aug-17| 12:53 \nppintl.dll_1063| ppintl.dll| 16.0.4519.1000| 1231056| 16-Aug-17| 12:53 \nppintl.dll_1062| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:53 \nppintl.dll_1086| ppintl.dll| 16.0.4519.1000| 1220304| 16-Aug-17| 12:53 \nppintl.dll_1044| ppintl.dll| 16.0.4519.1000| 1219792| 16-Aug-17| 12:53 \nppintl.dll_1043| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:53 \nppintl.dll_1045| ppintl.dll| 16.0.4519.1000| 1244888| 16-Aug-17| 12:53 \nppintl.dll_1046| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:53 \nppintl.dll_2070| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:53 \nppintl.dll_1048| ppintl.dll| 16.0.4519.1000| 1249496| 16-Aug-17| 12:53 \nppintl.dll_1049| ppintl.dll| 16.0.4519.1000| 1234128| 16-Aug-17| 12:53 \nppintl.dll_1051| ppintl.dll| 16.0.4519.1000| 1247952| 16-Aug-17| 12:53 \nppintl.dll_1060| ppintl.dll| 16.0.4519.1000| 1226960| 16-Aug-17| 12:53 \nppintl.dll_2074| ppintl.dll| 16.0.4519.1000| 1229528| 16-Aug-17| 12:53 \nppintl.dll_9242| ppintl.dll| 16.0.4519.1000| 1230032| 16-Aug-17| 12:53 \nppintl.dll_1053| ppintl.dll| 16.0.4519.1000| 1220304| 16-Aug-17| 12:53 \nppintl.dll_1054| ppintl.dll| 16.0.4519.1000| 1235152| 16-Aug-17| 12:53 \nppintl.dll_1055| ppintl.dll| 16.0.4519.1000| 1244880| 16-Aug-17| 12:53 \nppintl.dll_1058| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:53 \nppintl.dll_1066| ppintl.dll| 16.0.4519.1000| 1258704| 16-Aug-17| 12:53 \nppintl.dll_2052| ppintl.dll| 16.0.4519.1000| 1210576| 16-Aug-17| 12:53 \nppintl.dll_1028| ppintl.dll| 16.0.4519.1000| 1212120| 16-Aug-17| 12:53 \nppintl.dll_1033| ppintl.dll| 16.0.4519.1000| 1213136| 15-Aug-17| 01:02 \nmsppt.olb| msppt.olb| | 428296| 15-Aug-17| 01:03 \npowerpnt.man| powerpnt.exe.manifest| | 4172| 15-Aug-17| 01:03 \nppcore.dll| ppcore.dll| 16.0.4588.1000| 12102872| 16-Aug-17| 11:55 \nFor all supported x64-based versions of PowerPoint 2016File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nppintl.dll_1025| ppintl.dll| 16.0.4519.1000| 1224400| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1025| ppintl.dll| 16.0.4519.1000| 1224400| 16-Aug-17| 12:42 \nppintl.dll_1026| ppintl.dll| 16.0.4519.1000| 1234648| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1026| ppintl.dll| 16.0.4519.1000| 1234648| 16-Aug-17| 12:42 \nppintl.dll_1029| ppintl.dll| 16.0.4519.1000| 1244368| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1029| ppintl.dll| 16.0.4519.1000| 1244368| 16-Aug-17| 12:42 \nppintl.dll_1030| ppintl.dll| 16.0.4519.1000| 1223376| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1030| ppintl.dll| 16.0.4519.1000| 1223376| 16-Aug-17| 12:42 \nppintl.dll_1031| ppintl.dll| 16.0.4519.1000| 1247960| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1031| ppintl.dll| 16.0.4519.1000| 1247960| 16-Aug-17| 12:42 \nppintl.dll_1032| ppintl.dll| 16.0.4519.1000| 1254096| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1032| ppintl.dll| 16.0.4519.1000| 1254096| 16-Aug-17| 12:42 \nppintl.dll_3082| ppintl.dll| 16.0.4519.1000| 1232080| 16-Aug-17| 12:41 \nppt.conversion.ppintl.dll_3082| ppintl.dll| 16.0.4519.1000| 1232080| 16-Aug-17| 12:41 \nppintl.dll_1061| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:41 \nppt.conversion.ppintl.dll_1061| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:41 \nppintl.dll_1035| ppintl.dll| 16.0.4519.1000| 1222864| 16-Aug-17| 12:41 \nppt.conversion.ppintl.dll_1035| ppintl.dll| 16.0.4519.1000| 1222864| 16-Aug-17| 12:41 \nppintl.dll_1036| ppintl.dll| 16.0.4519.1000| 1243864| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1036| ppintl.dll| 16.0.4519.1000| 1243864| 16-Aug-17| 12:42 \nppintl.dll_1037| ppintl.dll| 16.0.4519.1000| 1205464| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1037| ppintl.dll| 16.0.4519.1000| 1205464| 16-Aug-17| 12:42 \nppintl.dll_1081| ppintl.dll| 16.0.4519.1000| 1248464| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1081| ppintl.dll| 16.0.4519.1000| 1248464| 16-Aug-17| 12:42 \nppintl.dll_1050| ppintl.dll| 16.0.4519.1000| 1225424| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1050| ppintl.dll| 16.0.4519.1000| 1225424| 16-Aug-17| 12:42 \nppintl.dll_1038| ppintl.dll| 16.0.4519.1000| 1243856| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1038| ppintl.dll| 16.0.4519.1000| 1243856| 16-Aug-17| 12:42 \nppintl.dll_1057| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:41 \nppt.conversion.ppintl.dll_1057| ppintl.dll| 16.0.4519.1000| 1218768| 16-Aug-17| 12:41 \nppintl.dll_1040| ppintl.dll| 16.0.4519.1000| 1227984| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1040| ppintl.dll| 16.0.4519.1000| 1227984| 16-Aug-17| 12:42 \nppintl.dll_1041| ppintl.dll| 16.0.4519.1000| 1240792| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1041| ppintl.dll| 16.0.4519.1000| 1240792| 16-Aug-17| 12:42 \nppt.edit.ppintl.dll_1041| ppintl.dll| 16.0.4519.1000| 1240792| | \nppintl.dll_1087| ppintl.dll| 16.0.4519.1000| 1251024| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1087| ppintl.dll| 16.0.4519.1000| 1251024| 16-Aug-17| 12:42 \nppintl.dll_1042| ppintl.dll| 16.0.4549.1000| 1230544| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1042| ppintl.dll| 16.0.4549.1000| 1230544| 16-Aug-17| 12:42 \nppintl.dll_1063| ppintl.dll| 16.0.4519.1000| 1231056| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1063| ppintl.dll| 16.0.4519.1000| 1231056| 16-Aug-17| 12:42 \nppintl.dll_1062| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1062| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppintl.dll_1086| ppintl.dll| 16.0.4519.1000| 1220304| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1086| ppintl.dll| 16.0.4519.1000| 1220304| 16-Aug-17| 12:42 \nppintl.dll_1044| ppintl.dll| 16.0.4519.1000| 1219792| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1044| ppintl.dll| 16.0.4519.1000| 1219792| 16-Aug-17| 12:42 \nppintl.dll_1043| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1043| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppintl.dll_1045| ppintl.dll| 16.0.4519.1000| 1244880| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1045| ppintl.dll| 16.0.4519.1000| 1244880| 16-Aug-17| 12:42 \nppintl.dll_1046| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1046| ppintl.dll| 16.0.4519.1000| 1230544| 16-Aug-17| 12:42 \nppintl.dll_2070| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_2070| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:42 \nppintl.dll_1048| ppintl.dll| 16.0.4519.1000| 1249488| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1048| ppintl.dll| 16.0.4519.1000| 1249488| 16-Aug-17| 12:42 \nppintl.dll_1049| ppintl.dll| 16.0.4519.1000| 1234128| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1049| ppintl.dll| 16.0.4519.1000| 1234128| 16-Aug-17| 12:42 \nppintl.dll_1051| ppintl.dll| 16.0.4519.1000| 1247952| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1051| ppintl.dll| 16.0.4519.1000| 1247952| 16-Aug-17| 12:42 \nppintl.dll_1060| ppintl.dll| 16.0.4519.1000| 1226960| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1060| ppintl.dll| 16.0.4519.1000| 1226960| 16-Aug-17| 12:42 \nppintl.dll_2074| ppintl.dll| 16.0.4519.1000| 1229528| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_2074| ppintl.dll| 16.0.4519.1000| 1229528| 16-Aug-17| 12:42 \nppintl.dll_9242| ppintl.dll| 16.0.4519.1000| 1230032| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_9242| ppintl.dll| 16.0.4519.1000| 1230032| 16-Aug-17| 12:42 \nppt.edit.ppintl.dll_9242| ppintl.dll| 16.0.4519.1000| 1230032| | \nppintl.dll_1053| ppintl.dll| 16.0.4519.1000| 1220312| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1053| ppintl.dll| 16.0.4519.1000| 1220312| 16-Aug-17| 12:42 \nppintl.dll_1054| ppintl.dll| 16.0.4519.1000| 1235152| 16-Aug-17| 12:43 \nppt.conversion.ppintl.dll_1054| ppintl.dll| 16.0.4519.1000| 1235152| 16-Aug-17| 12:43 \nppintl.dll_1055| ppintl.dll| 16.0.4519.1000| 1244880| 16-Aug-17| 12:43 \nppt.conversion.ppintl.dll_1055| ppintl.dll| 16.0.4519.1000| 1244880| 16-Aug-17| 12:43 \nppintl.dll_1058| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:43 \nppt.conversion.ppintl.dll_1058| ppintl.dll| 16.0.4519.1000| 1235664| 16-Aug-17| 12:43 \nppintl.dll_1066| ppintl.dll| 16.0.4519.1000| 1258704| 16-Aug-17| 12:42 \nppt.conversion.ppintl.dll_1066| ppintl.dll| 16.0.4519.1000| 1258704| 16-Aug-17| 12:42 \nppintl.dll_2052| ppintl.dll| 16.0.4519.1000| 1210584| 16-Aug-17| 12:43 \nppt.conversion.ppintl.dll_2052| ppintl.dll| 16.0.4519.1000| 1210584| 16-Aug-17| 12:43 \nppintl.dll_1028| ppintl.dll| 16.0.4519.1000| 1212112| 16-Aug-17| 12:43 \nppt.conversion.ppintl.dll_1028| ppintl.dll| 16.0.4519.1000| 1212112| 16-Aug-17| 12:43 \nppintl.dll_1033| ppintl.dll| 16.0.4519.1000| 1213136| 15-Aug-17| 01:05 \nppt.conversion.ppintl.dll_1033| ppintl.dll| 16.0.4519.1000| 1213136| 15-Aug-17| 01:05 \nppt.edit.ppintl.dll_1033| ppintl.dll| 16.0.4519.1000| 1213136| | \nmsppt.olb| msppt.olb| | 428304| 15-Aug-17| 01:10 \npowerpnt.man| powerpnt.exe.manifest| | 4172| 15-Aug-17| 01:10 \nppcore.dll| ppcore.dll| 16.0.4588.1000| 18624728| 16-Aug-17| 11:57 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for PowerPoint 2016: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8742", "CVE-2017-8743"], "modified": "2017-09-12T07:00:00", "id": "KB4011041", "href": "https://support.microsoft.com/en-us/help/4011041", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:06:05", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 3 for the 2007 Microsoft Office Suite](<http://support.microsoft.com/kb/949585>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011064>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011064 for the 32-bit version of Microsoft Office Compatibility Pack Service Pack 3](<http://www.microsoft.com/download/details.aspx?familyid=55416433-62a6-4360-986e-7edc0decb454>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nxlconv2007-kb4011064-fullfile-x86-glb.exe| 179D53ADEB6892F95DCABCDB184B9C2A59FE28BB| A97C76165F9A5ADEB2585EA1AD15CA7F70A32C49002E834A8354517AD0584B97 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Microsoft Office Compatibility Pack Service Pack 3| File name| File version| File size| Date| Time| Platform \n---|---|---|---|---|--- \nXl12cnv.exe| 12.0.6776.5000| 15,163,616| 25-Aug-2017| 07:58| x86 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Microsoft Office Compatibility Pack Service Pack 3: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2017-09-12T07:00:00", "id": "KB4011064", "href": "https://support.microsoft.com/en-us/help/4011064", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:06:03", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 2 for Office 2010](<http://support.microsoft.com/kb/2687455>) installed on the computer.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011061>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011061 for the 32-bit version of Excel 2010](<http://www.microsoft.com/download/details.aspx?familyid=76792e87-6d32-4992-b2bd-678a2b4592c6>)\n * [Download the security update KB4011061 for the 32-bit version of Excel 2010](<http://www.microsoft.com/download/details.aspx?familyid=0b3e24c6-bda9-493f-8104-10eb330601a5>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces the previously released update KB 3191907.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nexcel2010-kb4011061-fullfile-x64-glb.exe| F47B750A177E5C8713E667E64FB8D2936CCE838D| AAE54F691593657DD93827CC63CF99A10D564C8365A3F8F8992D7DE049AEA9F1 \nexcel2010-kb4011061-fullfile-x86-glb.exe| 9B4C0613770EA2345046EDB5213691ACF2163C6E| DF912A3791CEF8C0301E9FFBDE22BD9F4D2A138E761DD1F448BD949BFD69B700 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.For all supported x86-based versions of Excel 2010| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nexcel.exe| excel.exe| 14.0.7188.5000| 20,413,120| 26-Aug-2017| 01:00 \nexcel.man| excel.exe.manifest| | 1,194| 13-Oct-2015| 06:40 \nxl12cnv.exe| excelcnv.exe| 14.0.7188.5000| 17,851,072| 24-Aug-2017| 08:39 \nxlcall32.dll| xlcall32.dll| 14.0.7162.5000| 10,432| 13-Oct-2015| 06:52 \nxlicons.exe| xlicons.exe| 14.0.7120.5000| 1,480,360| 05-Mar-2014| 06:06 \nFor all supported x64-based versions of Excel 2010File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nexcel.exe| excel.exe| 14.0.7188.5000| 27,668,672| 26-Aug-2017| 01:06 \nexcel.man| excel.exe.manifest| | 1,196| 13-Oct-2015| 06:48 \nxl12cnv.exe| excelcnv.exe| 14.0.7188.5000| 25,063,104| 24-Aug-2017| 08:26 \nxlcall32.dll| xlcall32.dll| 14.0.7162.5000| 10,944| 13-Oct-2015| 07:00 \nxlicons.exe| xlicons.exe| 14.0.7120.5000| 1,480,360| 05-Mar-2014| 06:06 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Excel 2010: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2017-09-12T07:00:00", "id": "KB4011061", "href": "https://support.microsoft.com/en-us/help/4011061", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:16:20", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>) and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>). \n \n**Note** To apply this security update, you must have the release version of [Service Pack 1 for Microsoft Office 2013](<http://support.microsoft.com/kb/2817430>) installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issues: \n\n\n * Improve the translation for the following in Excel 2013:\n * The description for the T function in German\n * Warning message when you delete a row in filtered table in Dutch\n * When you drag an object from another application to a workbook in Excel 2013, the object is dropped at a different position.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011108>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011108 for the 32-bit version of Excel 2013](<http://www.microsoft.com/download/details.aspx?familyid=71e18663-2cc6-4fdf-af66-e1a99e2b6c38>)\n * [Download the security update KB4011108 for the 64-bit version of Excel 2013](<http://www.microsoft.com/download/details.aspx?familyid=a674b41d-d3ba-4a58-bae8-611c53d6e0e0>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nexcel2013-kb4011108-fullfile-x64-glb.exe| 87C01CD2D042E0DE6982FF034A5D2CD42465B2FC| 93C4A3637A42EC220F3C9D638F207CB9C8B9C4E764F8410C1AA7DE92386989FF \nexcel2013-kb4011108-fullfile-x86-glb.exe| 58827166680B358F2D6A4DF63609875BD8739E2B| 82320D36B12AE886746665B8AA9DBB23C93B199407DE51E9D4821DC1A12FE47B \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \nFor all supported x86-based versions of Excel 2013| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nexptoows.dll.1025| exptoows.dll| 15.0.4442.1000| 13448| 16-Aug-17| 09:13 \nexptoows.dll.1030| exptoows.dll| 15.0.4442.1000| 14480| 16-Aug-17| 09:13 \nexptoows.dll.1031| exptoows.dll| 15.0.4442.1000| 15000| 16-Aug-17| 09:13 \nexptoows.dll.3082| exptoows.dll| 15.0.4442.1000| 14488| 16-Aug-17| 09:13 \nexptoows.dll.1036| exptoows.dll| 15.0.4442.1000| 14496| 16-Aug-17| 09:13 \nexptoows.dll.1037| exptoows.dll| 15.0.4442.1000| 13424| 16-Aug-17| 09:13 \nexptoows.dll.1081| exptoows.dll| 15.0.4442.1000| 13952| 16-Aug-17| 09:13 \nexptoows.dll.1057| exptoows.dll| 15.0.4463.1000| 13920| 16-Aug-17| 08:23 \nexptoows.dll.1040| exptoows.dll| 15.0.4442.1000| 14480| 16-Aug-17| 09:13 \nexptoows.dll.1041| exptoows.dll| 15.0.4442.1000| 12936| 16-Aug-17| 09:13 \nexptoows.dll.1042| exptoows.dll| 15.0.4442.1000| 12416| 16-Aug-17| 09:13 \nexptoows.dll.1043| exptoows.dll| 15.0.4442.1000| 14504| 16-Aug-17| 09:13 \nexptoows.dll.1046| exptoows.dll| 15.0.4442.1000| 14496| 16-Aug-17| 09:13 \nexptoows.dll.2070| exptoows.dll| 15.0.4442.1000| 14496| 16-Aug-17| 09:13 \nexptoows.dll.1049| exptoows.dll| 15.0.4442.1000| 13952| 16-Aug-17| 09:13 \nexptoows.dll.1060| exptoows.dll| 15.0.4454.1000| 13928| 16-Aug-17| 08:24 \nexptoows.dll.1066| exptoows.dll| 15.0.4481.1000| 14400| 16-Aug-17| 08:24 \nexptoows.dll.2052| exptoows.dll| 15.0.4442.1000| 11912| 16-Aug-17| 09:13 \nexptoows.dll.1028| exptoows.dll| 15.0.4442.1000| 12416| 16-Aug-17| 09:13 \nxlintl32.dll_1025| xlintl32.dll| 15.0.4709.1000| 4669600| 16-Aug-17| 08:14 \nxllex.dll_1025| xllex.dll| 15.0.4569.1000| 38592| 16-Aug-17| 08:14 \nxlintl32.dll_1026| xlintl32.dll| 15.0.4709.1000| 4890280| 16-Aug-17| 08:15 \nxllex.dll_1026| xllex.dll| 15.0.4569.1000| 40616| 16-Aug-17| 08:15 \nxlintl32.dll_1029| xlintl32.dll| 15.0.4709.1000| 4856000| 16-Aug-17| 08:15 \nxllex.dll_1029| xllex.dll| 15.0.4569.1000| 66240| 16-Aug-17| 08:15 \nxlintl32.dll_1030| xlintl32.dll| 15.0.4709.1000| 4553400| 16-Aug-17| 08:15 \nxllex.dll_1030| xllex.dll| 15.0.4953.1000| 50424| 16-Aug-17| 08:15 \nxlintl32.dll_1031| xlintl32.dll| 15.0.4963.1000| 4723456| 16-Aug-17| 08:14 \nxllex.dll_1031| xllex.dll| 15.0.4569.1000| 43712| 16-Aug-17| 08:14 \nxlintl32.dll_1032| xlintl32.dll| 15.0.4709.1000| 5137056| 16-Aug-17| 08:15 \nxllex.dll_1032| xllex.dll| 15.0.4569.1000| 57512| 16-Aug-17| 08:15 \nxlintl32.dll_3082| xlintl32.dll| 15.0.4709.1000| 4657352| 16-Aug-17| 08:15 \nxllex.dll_3082| xllex.dll| 15.0.4569.1000| 43720| 16-Aug-17| 08:15 \nxlintl32.dll_1061| xlintl32.dll| 15.0.4709.1000| 4772032| 16-Aug-17| 08:15 \nxllex.dll_1061| xllex.dll| 15.0.4569.1000| 40128| 16-Aug-17| 08:15 \nxlintl32.dll_1035| xlintl32.dll| 15.0.4937.1000| 4678888| 16-Aug-17| 08:15 \nxllex.dll_1035| xllex.dll| 15.0.4569.1000| 43192| 16-Aug-17| 08:15 \nxlintl32.dll_1036| xlintl32.dll| 15.0.4709.1000| 5071040| 16-Aug-17| 08:15 \nxllex.dll_1036| xllex.dll| 15.0.4569.1000| 57536| 16-Aug-17| 08:15 \nxlintl32.dll_1037| xlintl32.dll| 15.0.4709.1000| 4622496| 16-Aug-17| 08:15 \nxllex.dll_1037| xllex.dll| 15.0.4569.1000| 55976| 16-Aug-17| 08:15 \nxlintl32.dll_1081| xlintl32.dll| 15.0.4709.1000| 4801696| 16-Aug-17| 08:15 \nxllex.dll_1081| xllex.dll| 15.0.4569.1000| 39080| 16-Aug-17| 08:15 \nxlintl32.dll_1050| xlintl32.dll| 15.0.4709.1000| 4624088| 16-Aug-17| 08:15 \nxllex.dll_1050| xllex.dll| 15.0.4569.1000| 40664| 16-Aug-17| 08:15 \nxlintl32.dll_1038| xlintl32.dll| 15.0.4709.1000| 4908728| 16-Aug-17| 08:15 \nxllex.dll_1038| xllex.dll| 15.0.4569.1000| 67776| 16-Aug-17| 08:15 \nxlintl32.dll_1057| xlintl32.dll| 15.0.4709.1000| 4543672| 16-Aug-17| 08:15 \nxllex.dll_1057| xllex.dll| 15.0.4569.1000| 39616| 16-Aug-17| 08:15 \nxlintl32.dll_1040| xlintl32.dll| 15.0.4763.1000| 4666056| 16-Aug-17| 08:15 \nxllex.dll_1040| xllex.dll| 15.0.4569.1000| 44744| 16-Aug-17| 08:15 \nxlintl32.dll_1041| xlintl32.dll| 15.0.4709.1000| 4246688| 16-Aug-17| 08:14 \nxllex.dll_1041| xllex.dll| 15.0.4569.1000| 46760| 16-Aug-17| 08:14 \nxlintl32.dll_1087| xlintl32.dll| 15.0.4709.1000| 4881064| 16-Aug-17| 08:15 \nxllex.dll_1087| xllex.dll| 15.0.4569.1000| 55464| 16-Aug-17| 08:15 \nxlintl32.dll_1042| xlintl32.dll| 15.0.4709.1000| 4244640| 16-Aug-17| 08:15 \nxllex.dll_1042| xllex.dll| 15.0.4569.1000| 45736| 16-Aug-17| 08:15 \nxlintl32.dll_1063| xlintl32.dll| 15.0.4709.1000| 4891328| 16-Aug-17| 08:15 \nxllex.dll_1063| xllex.dll| 15.0.4569.1000| 41672| 16-Aug-17| 08:15 \nxlintl32.dll_1062| xlintl32.dll| 15.0.4709.1000| 4721344| 16-Aug-17| 08:15 \nxllex.dll_1062| xllex.dll| 15.0.4569.1000| 40648| 16-Aug-17| 08:15 \nxlintl32.dll_1086| xlintl32.dll| 15.0.4709.1000| 4568256| 16-Aug-17| 08:15 \nxllex.dll_1086| xllex.dll| 15.0.4569.1000| 39104| 16-Aug-17| 08:15 \nxlintl32.dll_1044| xlintl32.dll| 15.0.4727.1000| 4533952| 16-Aug-17| 08:15 \nxllex.dll_1044| xllex.dll| 15.0.4569.1000| 41664| 16-Aug-17| 08:15 \nxlintl32.dll_1043| xlintl32.dll| 15.0.4963.1000| 4663552| 16-Aug-17| 08:15 \nxllex.dll_1043| xllex.dll| 15.0.4569.1000| 42688| 16-Aug-17| 08:15 \nxlintl32.dll_1045| xlintl32.dll| 15.0.4709.1000| 4964560| 16-Aug-17| 08:15 \nxllex.dll_1045| xllex.dll| 15.0.4569.1000| 70352| 16-Aug-17| 08:15 \nxlintl32.dll_1046| xlintl32.dll| 15.0.4709.1000| 4635840| 16-Aug-17| 08:15 \nxllex.dll_1046| xllex.dll| 15.0.4569.1000| 42184| 16-Aug-17| 08:15 \nxlintl32.dll_2070| xlintl32.dll| 15.0.4709.1000| 4708544| 16-Aug-17| 08:15 \nxllex.dll_2070| xllex.dll| 15.0.4569.1000| 42696| 16-Aug-17| 08:15 \nxlintl32.dll_1048| xlintl32.dll| 15.0.4709.1000| 4943552| 16-Aug-17| 08:15 \nxllex.dll_1048| xllex.dll| 15.0.4569.1000| 56008| 16-Aug-17| 08:15 \nxlintl32.dll_1049| xlintl32.dll| 15.0.4709.1000| 4834464| 16-Aug-17| 08:15 \nxllex.dll_1049| xllex.dll| 15.0.4569.1000| 43688| 16-Aug-17| 08:15 \nxlintl32.dll_1051| xlintl32.dll| 15.0.4709.1000| 4880064| 16-Aug-17| 08:15 \nxllex.dll_1051| xllex.dll| 15.0.4569.1000| 55496| 16-Aug-17| 08:15 \nxlintl32.dll_1060| xlintl32.dll| 15.0.4709.1000| 4847832| 16-Aug-17| 08:15 \nxllex.dll_1060| xllex.dll| 15.0.4569.1000| 52440| 16-Aug-17| 08:15 \nxlintl32.dll_2074| xlintl32.dll| 15.0.4709.1000| 4900056| 16-Aug-17| 08:15 \nxllex.dll_2074| xllex.dll| 15.0.4569.1000| 52440| 16-Aug-17| 08:15 \nxlintl32.dll_1053| xlintl32.dll| 15.0.4945.1000| 4545792| 16-Aug-17| 08:15 \nxllex.dll_1053| xllex.dll| 15.0.4569.1000| 40640| 16-Aug-17| 08:15 \nxlintl32.dll_1054| xlintl32.dll| 15.0.4709.1000| 4555936| 16-Aug-17| 08:15 \nxllex.dll_1054| xllex.dll| 15.0.4569.1000| 39592| 16-Aug-17| 08:15 \nxlintl32.dll_1055| xlintl32.dll| 15.0.4709.1000| 4835512| 16-Aug-17| 08:15 \nxllex.dll_1055| xllex.dll| 15.0.4569.1000| 65216| 16-Aug-17| 08:15 \nxlintl32.dll_1058| xlintl32.dll| 15.0.4709.1000| 4809888| 16-Aug-17| 08:15 \nxllex.dll_1058| xllex.dll| 15.0.4569.1000| 40616| 16-Aug-17| 08:15 \nxlintl32.dll_1066| xlintl32.dll| 15.0.4709.1000| 4867232| 16-Aug-17| 08:15 \nxllex.dll_1066| xllex.dll| 15.0.4569.1000| 59048| 16-Aug-17| 08:15 \nxlintl32.dll_2052| xlintl32.dll| 15.0.4709.1000| 4041376| 16-Aug-17| 08:16 \nxllex.dll_2052| xllex.dll| 15.0.4569.1000| 49320| 16-Aug-17| 08:16 \nxlintl32.dll_1028| xlintl32.dll| 15.0.4709.1000| 4058280| 16-Aug-17| 08:16 \nxllex.dll_1028| xllex.dll| 15.0.4569.1000| 47272| 16-Aug-17| 08:16 \nsolver.xlam_1029| solver.xlam| | 387270| 16-Aug-17| 08:15 \nsolver.xlam_1030| solver.xlam| | 393279| 16-Aug-17| 08:15 \nsolver.xlam_1031| solver.xlam| | 389442| 16-Aug-17| 08:14 \nsolver.xlam_1032| solver.xlam| | 385823| 16-Aug-17| 08:15 \nsolver.xlam_3082| solver.xlam| | 390466| 16-Aug-17| 08:15 \nsolver.xlam_1035| solver.xlam| | 393370| 16-Aug-17| 08:15 \nsolver.xlam_1036| solver.xlam| | 392486| 16-Aug-17| 08:15 \nsolver.xlam_1050| solver.xlam| | 390879| 16-Aug-17| 08:15 \nsolver.xlam_1038| solver.xlam| | 386469| 16-Aug-17| 08:15 \nsolver.xlam_1040| solver.xlam| | 391320| 16-Aug-17| 08:15 \nsolver.xlam_1041| solver.xlam| | 384524| 16-Aug-17| 08:14 \nsolver.xlam_1042| solver.xlam| | 386074| 16-Aug-17| 08:15 \nsolver.xlam_1044| solver.xlam| | 389011| 16-Aug-17| 08:15 \nsolver.xlam_1043| solver.xlam| | 391407| 16-Aug-17| 08:15 \nsolver.xlam_1045| solver.xlam| | 384352| 16-Aug-17| 08:15 \nsolver.xlam_1046| solver.xlam| | 385274| 16-Aug-17| 08:15 \nsolver.xlam_2070| solver.xlam| | 387094| 16-Aug-17| 08:15 \nsolver.xlam_1048| solver.xlam| | 384273| 16-Aug-17| 08:15 \nsolver.xlam_1049| solver.xlam| | 384729| 16-Aug-17| 08:15 \nsolver.xlam_1051| solver.xlam| | 388324| 16-Aug-17| 08:15 \nsolver.xlam_1060| solver.xlam| | 385407| 16-Aug-17| 08:15 \nsolver.xlam_1053| solver.xlam| | 390380| 16-Aug-17| 08:15 \nsolver.xlam_1055| solver.xlam| | 385525| 16-Aug-17| 08:15 \nsolver.xlam_1058| solver.xlam| | 386145| 16-Aug-17| 08:15 \nsolver.xlam_2052| solver.xlam| | 385563| 16-Aug-17| 08:16 \nsolver.xlam_1028| solver.xlam| | 383814| 16-Aug-17| 08:16 \nxlicons.exe| xlicons.exe| 15.0.4553.1000| 3685544| 15-Aug-17| 09:03 \nxlintl32.rest.idx_dll_1025| xlintl32.rest.idx_dll| 15.0.4709.1000| 385184| 16-Aug-17| 08:14 \nxlintl32.dll.idx_dll_1026| xlintl32.dll.idx_dll| 15.0.4460.1000| 100416| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1026| xlintl32.rest.idx_dll| 15.0.4709.1000| 407712| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1029| xlintl32.dll.idx_dll| 15.0.4448.1000| 99392| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1029| xlintl32.rest.idx_dll| 15.0.4709.1000| 396448| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1030| xlintl32.dll.idx_dll| 15.0.4442.1000| 97920| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1030| xlintl32.rest.idx_dll| 15.0.4709.1000| 398504| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1031| xlintl32.dll.idx_dll| 15.0.4937.1000| 108232| 16-Aug-17| 08:14 \nxlintl32.rest.idx_dll_1031| xlintl32.rest.idx_dll| 15.0.4963.1000| 409800| 16-Aug-17| 08:14 \nxlintl32.dll.idx_dll_1032| xlintl32.dll.idx_dll| 15.0.4448.1000| 99392| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1032| xlintl32.rest.idx_dll| 15.0.4709.1000| 398496| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1033| xlintl32.rest.idx_dll| 15.0.4703.1000| 407232| 15-Aug-17| 09:03 \nxlintl32.rest.idx_dll_3082| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1061| xlintl32.dll.idx_dll| 15.0.4460.1000| 99904| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1061| xlintl32.rest.idx_dll| 15.0.4709.1000| 404128| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1035| xlintl32.dll.idx_dll| 15.0.4442.1000| 98944| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1035| xlintl32.rest.idx_dll| 15.0.4937.1000| 407752| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1036| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1037| xlintl32.rest.idx_dll| 15.0.4709.1000| 386728| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1081| xlintl32.dll.idx_dll| 15.0.4442.1000| 97904| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1081| xlintl32.rest.idx_dll| 15.0.4709.1000| 392352| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1050| xlintl32.dll.idx_dll| 15.0.4481.1000| 101456| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1050| xlintl32.rest.idx_dll| 15.0.4709.1000| 408744| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1038| xlintl32.dll.idx_dll| 15.0.4448.1000| 101440| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1038| xlintl32.rest.idx_dll| 15.0.4709.1000| 396960| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1057| xlintl32.dll.idx_dll| 15.0.4469.1000| 99408| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1057| xlintl32.rest.idx_dll| 15.0.4709.1000| 403624| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1040| xlintl32.rest.idx_dll| 15.0.4763.1000| 401984| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1041| xlintl32.rest.idx_dll| 15.0.4709.1000| 381088| 16-Aug-17| 08:14 \nxlintl32.dll.idx_dll_1087| xlintl32.dll.idx_dll| 15.0.4460.1000| 97856| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1087| xlintl32.rest.idx_dll| 15.0.4709.1000| 400544| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1042| xlintl32.rest.idx_dll| 15.0.4709.1000| 379040| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1063| xlintl32.dll.idx_dll| 15.0.4466.1000| 100928| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1063| xlintl32.rest.idx_dll| 15.0.4709.1000| 406688| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1062| xlintl32.dll.idx_dll| 15.0.4466.1000| 100928| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1062| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1086| xlintl32.dll.idx_dll| 15.0.4481.1000| 98880| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1086| xlintl32.rest.idx_dll| 15.0.4709.1000| 403616| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1044| xlintl32.dll.idx_dll| 15.0.4442.1000| 97392| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1044| xlintl32.rest.idx_dll| 15.0.4727.1000| 400040| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1043| xlintl32.rest.idx_dll| 15.0.4963.1000| 407744| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1045| xlintl32.dll.idx_dll| 15.0.4442.1000| 100480| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1045| xlintl32.rest.idx_dll| 15.0.4709.1000| 397472| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1046| xlintl32.rest.idx_dll| 15.0.4709.1000| 408736| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_2070| xlintl32.dll.idx_dll| 15.0.4442.1000| 99440| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_2070| xlintl32.rest.idx_dll| 15.0.4709.1000| 402592| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1048| xlintl32.dll.idx_dll| 15.0.4454.1000| 99408| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1048| xlintl32.rest.idx_dll| 15.0.4709.1000| 393888| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1049| xlintl32.rest.idx_dll| 15.0.4709.1000| 406688| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1051| xlintl32.dll.idx_dll| 15.0.4466.1000| 98880| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1051| xlintl32.rest.idx_dll| 15.0.4709.1000| 397984| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1060| xlintl32.dll.idx_dll| 15.0.4463.1000| 99920| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1060| xlintl32.rest.idx_dll| 15.0.4709.1000| 399520| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_2074| xlintl32.dll.idx_dll| 15.0.4460.1000| 100928| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_2074| xlintl32.rest.idx_dll| 15.0.4709.1000| 408224| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1053| xlintl32.dll.idx_dll| 15.0.4442.1000| 96880| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1053| xlintl32.rest.idx_dll| 15.0.4709.1000| 397984| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1054| xlintl32.dll.idx_dll| 15.0.4454.1000| 97872| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1054| xlintl32.rest.idx_dll| 15.0.4709.1000| 392352| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1055| xlintl32.dll.idx_dll| 15.0.4454.1000| 101456| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1055| xlintl32.rest.idx_dll| 15.0.4709.1000| 402592| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1058| xlintl32.dll.idx_dll| 15.0.4448.1000| 102464| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1058| xlintl32.rest.idx_dll| 15.0.4709.1000| 407200| 16-Aug-17| 08:15 \nxlintl32.dll.idx_dll_1066| xlintl32.dll.idx_dll| 15.0.4481.1000| 100416| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_1066| xlintl32.rest.idx_dll| 15.0.4709.1000| 410272| 16-Aug-17| 08:15 \nxlintl32.rest.idx_dll_2052| xlintl32.rest.idx_dll| 15.0.4709.1000| 380064| 16-Aug-17| 08:16 \nxlintl32.rest.idx_dll_1028| xlintl32.rest.idx_dll| 15.0.4709.1000| 381088| 16-Aug-17| 08:16 \nexptoows.xla.1025| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1026| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1027| exptoows.xla| | 100864| | \nexptoows.xla.1028| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1029| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1030| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1031| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1032| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1033| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1035| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1036| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1037| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1038| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1039| exptoows.xla| | 100864| | \nexptoows.xla.1040| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1042| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1043| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1044| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1045| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1046| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1048| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1049| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1050| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1051| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1052| exptoows.xla| | 100864| | \nexptoows.xla.1053| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1054| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1055| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1056| exptoows.xla| | 100864| | \nexptoows.xla.1057| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1058| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1059| exptoows.xla| | 100864| | \nexptoows.xla.1060| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1061| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1062| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1063| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1064| exptoows.xla| | 100864| | \nexptoows.xla.1065| exptoows.xla| | 100864| | \nexptoows.xla.1066| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1067| exptoows.xla| | 100864| | \nexptoows.xla.1068| exptoows.xla| | 100864| | \nexptoows.xla.1069| exptoows.xla| | 100864| | \nexptoows.xla.1071| exptoows.xla| | 100864| | \nexptoows.xla.1074| exptoows.xla| | 100864| | \nexptoows.xla.1076| exptoows.xla| | 100864| | \nexptoows.xla.1077| exptoows.xla| | 100864| | \nexptoows.xla.1078| exptoows.xla| | 100864| | \nexptoows.xla.1079| exptoows.xla| | 100864| | \nexptoows.xla.1081| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1082| exptoows.xla| | 100864| | \nexptoows.xla.1086| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1087| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.1088| exptoows.xla| | 100864| | \nexptoows.xla.1089| exptoows.xla| | 100864| | \nexptoows.xla.1090| exptoows.xla| | 100864| | \nexptoows.xla.1091| exptoows.xla| | 100864| | \nexptoows.xla.1092| exptoows.xla| | 100864| | \nexptoows.xla.1093| exptoows.xla| | 100864| | \nexptoows.xla.1094| exptoows.xla| | 100864| | \nexptoows.xla.1095| exptoows.xla| | 100864| | \nexptoows.xla.1096| exptoows.xla| | 100864| | \nexptoows.xla.1097| exptoows.xla| | 100864| | \nexptoows.xla.1098| exptoows.xla| | 100864| | \nexptoows.xla.1099| exptoows.xla| | 100864| | \nexptoows.xla.1100| exptoows.xla| | 100864| | \nexptoows.xla.1101| exptoows.xla| | 100864| | \nexptoows.xla.1102| exptoows.xla| | 100864| | \nexptoows.xla.1104| exptoows.xla| | 100864| | \nexptoows.xla.1106| exptoows.xla| | 100864| | \nexptoows.xla.1107| exptoows.xla| | 100864| | \nexptoows.xla.1110| exptoows.xla| | 100864| | \nexptoows.xla.1111| exptoows.xla| | 100864| | \nexptoows.xla.1115| exptoows.xla| | 100864| | \nexptoows.xla.1116| exptoows.xla| | 100864| | \nexptoows.xla.1118| exptoows.xla| | 100864| | \nexptoows.xla.1121| exptoows.xla| | 100864| | \nexptoows.xla.1124| exptoows.xla| | 100864| | \nexptoows.xla.1128| exptoows.xla| | 100864| | \nexptoows.xla.1130| exptoows.xla| | 100864| | \nexptoows.xla.1132| exptoows.xla| | 100864| | \nexptoows.xla.1134| exptoows.xla| | 100864| | \nexptoows.xla.1136| exptoows.xla| | 100864| | \nexptoows.xla.1139| exptoows.xla| | 100864| | \nexptoows.xla.1152| exptoows.xla| | 100864| | \nexptoows.xla.1153| exptoows.xla| | 100864| | \nexptoows.xla.1158| exptoows.xla| | 100864| | \nexptoows.xla.1159| exptoows.xla| | 100864| | \nexptoows.xla.1160| exptoows.xla| | 100864| | \nexptoows.xla.1164| exptoows.xla| | 100864| | \nexptoows.xla.1169| exptoows.xla| | 100864| | \nexptoows.xla.1170| exptoows.xla| | 100864| | \nexptoows.xla.2051| exptoows.xla| | 100864| | \nexptoows.xla.2052| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.2068| exptoows.xla| | 100864| | \nexptoows.xla.2070| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.2074| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.2108| exptoows.xla| | 100864| | \nexptoows.xla.2117| exptoows.xla| | 100864| | \nexptoows.xla.2118| exptoows.xla| | 100864| | \nexptoows.xla.2137| exptoows.xla| | 100864| | \nexptoows.xla.2141| exptoows.xla| | 100864| | \nexptoows.xla.3082| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexptoows.xla.3098| exptoows.xla| | 100864| | \nexptoows.xla.3179| exptoows.xla| | 100864| | \nexptoows.xla.5146| exptoows.xla| | 100864| | \nexptoows.xla.7194| exptoows.xla| | 100864| | \nexptoows.xla.1041| exptoows.xla| | 100864| 15-Aug-17| 09:03 \nexcel.veman.xml| excel.visualelementsmanifest.xml| | 338| 15-Aug-17| 09:03 \nxlintl32.dll_1033| xlintl32.dll| 15.0.4703.1000| 4421312| 15-Aug-17| 09:03 \nxllex.dll_1033| xllex.dll| 15.0.4569.1000| 37568| 15-Aug-17| 09:03 \nexcel.exe| excel.exe| 15.0.4963.1000| 25745088| 15-Aug-17| 09:03 \nexcel.man| excel.exe.manifest| | 1227| 15-Aug-17| 09:03 \nxl12cnv.exe| excelcnv.exe| 15.0.4963.1000| 21957824| 15-Aug-17| 09:03 \nxl12cnvp.dll| excelcnvpxy.dll| 15.0.4454.1000| 46144| 15-Aug-17| 09:03 \nxlcall32.dll| xlcall32.dll| 15.0.4454.1000| 10328| 15-Aug-17| 09:03 \nsolver.xlam_1025| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1026| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1033| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1037| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1054| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1057| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1061| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1062| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1063| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1066| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1081| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1086| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_1087| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver.xlam_2074| solver.xlam| | 408981| 16-Aug-17| 08:14 \nsolver32.dll_1025| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1026| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1028| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1029| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1030| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1031| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1032| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1033| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1035| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1036| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1037| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1038| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1040| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1041| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1042| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1043| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1044| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1045| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1046| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1048| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1049| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1050| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1051| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1053| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1054| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1055| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1057| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1058| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1060| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1061| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1062| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1063| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1066| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1081| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1086| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_1087| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_2052| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_2070| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_2074| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nsolver32.dll_3082| solver32.dll| 15.0.4454.1000| 173112| 15-Aug-17| 09:03 \nFor all supported x64-based versions of Excel 2013File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nexptoows.dll.1025| exptoows.dll| 15.0.4442.1000| 13448| 16-Aug-17| 08:28 \nexptoows.dll.1030| exptoows.dll| 15.0.4442.1000| 14480| 16-Aug-17| 08:28 \nexptoows.dll.1031| exptoows.dll| 15.0.4442.1000| 15000| 16-Aug-17| 08:28 \nexptoows.dll.3082| exptoows.dll| 15.0.4442.1000| 14488| 16-Aug-17| 08:28 \nexptoows.dll.1036| exptoows.dll| 15.0.4442.1000| 14512| 16-Aug-17| 08:28 \nexptoows.dll.1037| exptoows.dll| 15.0.4442.1000| 13440| 16-Aug-17| 08:28 \nexptoows.dll.1081| exptoows.dll| 15.0.4442.1000| 13936| 16-Aug-17| 08:28 \nexptoows.dll.1057| exptoows.dll| 15.0.4463.1000| 13920| 16-Aug-17| 08:28 \nexptoows.dll.1040| exptoows.dll| 15.0.4442.1000| 14496| 16-Aug-17| 08:28 \nexptoows.dll.1041| exptoows.dll| 15.0.4442.1000| 12936| 16-Aug-17| 08:28 \nexptoows.dll.1042| exptoows.dll| 15.0.4442.1000| 12416| 16-Aug-17| 08:28 \nexptoows.dll.1043| exptoows.dll| 15.0.4442.1000| 14488| 16-Aug-17| 08:29 \nexptoows.dll.1046| exptoows.dll| 15.0.4442.1000| 14496| 16-Aug-17| 08:29 \nexptoows.dll.2070| exptoows.dll| 15.0.4442.1000| 14512| 16-Aug-17| 08:29 \nexptoows.dll.1049| exptoows.dll| 15.0.4442.1000| 13936| 16-Aug-17| 08:29 \nexptoows.dll.1060| exptoows.dll| 15.0.4454.1000| 13944| 16-Aug-17| 08:29 \nexptoows.dll.1066| exptoows.dll| 15.0.4481.1000| 14400| 16-Aug-17| 08:29 \nexptoows.dll.2052| exptoows.dll| 15.0.4442.1000| 11912| 16-Aug-17| 08:29 \nexptoows.dll.1028| exptoows.dll| 15.0.4442.1000| 12416| 16-Aug-17| 08:29 \nxlintl32.dll_1025| xlintl32.dll| 15.0.4963.1000| 4774600| 16-Aug-17| 08:24 \nxllex.dll_1025| xllex.dll| 15.0.4569.1000| 38592| 16-Aug-17| 08:24 \nxlintl32.dll_1026| xlintl32.dll| 15.0.4963.1000| 4961480| 16-Aug-17| 08:24 \nxllex.dll_1026| xllex.dll| 15.0.4569.1000| 40616| 16-Aug-17| 08:24 \nxlintl32.dll_1029| xlintl32.dll| 15.0.4963.1000| 4927216| 16-Aug-17| 08:24 \nxllex.dll_1029| xllex.dll| 15.0.4569.1000| 66240| 16-Aug-17| 08:24 \nxlintl32.dll_1030| xlintl32.dll| 15.0.4963.1000| 4624640| 16-Aug-17| 08:24 \nxllex.dll_1030| xllex.dll| 15.0.4953.1000| 50424| 16-Aug-17| 08:24 \nxlintl32.dll_1031| xlintl32.dll| 15.0.4963.1000| 4785408| 16-Aug-17| 08:24 \nxllex.dll_1031| xllex.dll| 15.0.4569.1000| 43712| 16-Aug-17| 08:24 \nxlintl32.dll_1032| xlintl32.dll| 15.0.4963.1000| 5208264| 16-Aug-17| 08:24 \nxllex.dll_1032| xllex.dll| 15.0.4569.1000| 57512| 16-Aug-17| 08:24 \nxlintl32.dll_3082| xlintl32.dll| 15.0.4963.1000| 4728080| 16-Aug-17| 08:24 \nxllex.dll_3082| xllex.dll| 15.0.4569.1000| 43720| 16-Aug-17| 08:24 \nxlintl32.dll_1061| xlintl32.dll| 15.0.4963.1000| 4843264| 16-Aug-17| 08:24 \nxllex.dll_1061| xllex.dll| 15.0.4569.1000| 40128| 16-Aug-17| 08:24 \nxlintl32.dll_1035| xlintl32.dll| 15.0.4963.1000| 4740840| 16-Aug-17| 08:24 \nxllex.dll_1035| xllex.dll| 15.0.4569.1000| 43192| 16-Aug-17| 08:24 \nxlintl32.dll_1036| xlintl32.dll| 15.0.4963.1000| 5142272| 16-Aug-17| 08:24 \nxllex.dll_1036| xllex.dll| 15.0.4569.1000| 57536| 16-Aug-17| 08:24 \nxlintl32.dll_1037| xlintl32.dll| 15.0.4963.1000| 4728008| 16-Aug-17| 08:24 \nxllex.dll_1037| xllex.dll| 15.0.4569.1000| 55976| 16-Aug-17| 08:24 \nxlintl32.dll_1081| xlintl32.dll| 15.0.4963.1000| 4872904| 16-Aug-17| 08:24 \nxllex.dll_1081| xllex.dll| 15.0.4569.1000| 39080| 16-Aug-17| 08:24 \nxlintl32.dll_1050| xlintl32.dll| 15.0.4963.1000| 4695336| 16-Aug-17| 08:24 \nxllex.dll_1050| xllex.dll| 15.0.4569.1000| 40664| 16-Aug-17| 08:24 \nxlintl32.dll_1038| xlintl32.dll| 15.0.4963.1000| 4979968| 16-Aug-17| 08:24 \nxllex.dll_1038| xllex.dll| 15.0.4569.1000| 67776| 16-Aug-17| 08:24 \nxlintl32.dll_1057| xlintl32.dll| 15.0.4963.1000| 4614912| 16-Aug-17| 08:24 \nxllex.dll_1057| xllex.dll| 15.0.4569.1000| 39616| 16-Aug-17| 08:24 \nxlintl32.dll_1040| xlintl32.dll| 15.0.4963.1000| 4737296| 16-Aug-17| 08:24 \nxllex.dll_1040| xllex.dll| 15.0.4569.1000| 44744| 16-Aug-17| 08:24 \nxlintl32.dll_1041| xlintl32.dll| 15.0.4963.1000| 4317896| 16-Aug-17| 08:24 \nxllex.dll_1041| xllex.dll| 15.0.4569.1000| 46760| 16-Aug-17| 08:24 \nxlintl32.dll_1087| xlintl32.dll| 15.0.4963.1000| 4952264| 16-Aug-17| 08:24 \nxllex.dll_1087| xllex.dll| 15.0.4569.1000| 55464| 16-Aug-17| 08:24 \nxlintl32.dll_1042| xlintl32.dll| 15.0.4963.1000| 4315840| 16-Aug-17| 08:24 \nxllex.dll_1042| xllex.dll| 15.0.4569.1000| 45736| 16-Aug-17| 08:24 \nxlintl32.dll_1063| xlintl32.dll| 15.0.4963.1000| 4962568| 16-Aug-17| 08:24 \nxllex.dll_1063| xllex.dll| 15.0.4569.1000| 41672| 16-Aug-17| 08:24 \nxlintl32.dll_1062| xlintl32.dll| 15.0.4963.1000| 4792584| 16-Aug-17| 08:24 \nxllex.dll_1062| xllex.dll| 15.0.4569.1000| 40648| 16-Aug-17| 08:24 \nxlintl32.dll_1086| xlintl32.dll| 15.0.4963.1000| 4639488| 16-Aug-17| 08:24 \nxllex.dll_1086| xllex.dll| 15.0.4569.1000| 39104| 16-Aug-17| 08:24 \nxlintl32.dll_1044| xlintl32.dll| 15.0.4963.1000| 4605184| 16-Aug-17| 08:24 \nxllex.dll_1044| xllex.dll| 15.0.4569.1000| 41664| 16-Aug-17| 08:24 \nxlintl32.dll_1043| xlintl32.dll| 15.0.4963.1000| 4725496| 16-Aug-17| 08:24 \nxllex.dll_1043| xllex.dll| 15.0.4569.1000| 42688| 16-Aug-17| 08:24 \nxlintl32.dll_1045| xlintl32.dll| 15.0.4963.1000| 5035808| 16-Aug-17| 08:24 \nxllex.dll_1045| xllex.dll| 15.0.4569.1000| 70352| 16-Aug-17| 08:24 \nxlintl32.dll_1046| xlintl32.dll| 15.0.4963.1000| 4707088| 16-Aug-17| 08:24 \nxllex.dll_1046| xllex.dll| 15.0.4569.1000| 42184| 16-Aug-17| 08:24 \nxlintl32.dll_2070| xlintl32.dll| 15.0.4963.1000| 4779792| 16-Aug-17| 08:25 \nxllex.dll_2070| xllex.dll| 15.0.4569.1000| 42696| 16-Aug-17| 08:25 \nxlintl32.dll_1048| xlintl32.dll| 15.0.4963.1000| 5014784| 16-Aug-17| 08:25 \nxllex.dll_1048| xllex.dll| 15.0.4569.1000| 56008| 16-Aug-17| 08:25 \nxlintl32.dll_1049| xlintl32.dll| 15.0.4963.1000| 4905672| 16-Aug-17| 08:25 \nxllex.dll_1049| xllex.dll| 15.0.4569.1000| 43688| 16-Aug-17| 08:25 \nxlintl32.dll_1051| xlintl32.dll| 15.0.4963.1000| 4951304| 16-Aug-17| 08:25 \nxllex.dll_1051| xllex.dll| 15.0.4569.1000| 55496| 16-Aug-17| 08:25 \nxlintl32.dll_1060| xlintl32.dll| 15.0.4963.1000| 4919080| 16-Aug-17| 08:25 \nxllex.dll_1060| xllex.dll| 15.0.4569.1000| 52440| 16-Aug-17| 08:25 \nxlintl32.dll_2074| xlintl32.dll| 15.0.4963.1000| 4971304| 16-Aug-17| 08:25 \nxllex.dll_2074| xllex.dll| 15.0.4569.1000| 52440| 16-Aug-17| 08:25 \nxlintl32.dll_1053| xlintl32.dll| 15.0.4963.1000| 4607744| 16-Aug-17| 08:25 \nxllex.dll_1053| xllex.dll| 15.0.4569.1000| 40640| 16-Aug-17| 08:25 \nxlintl32.dll_1054| xlintl32.dll| 15.0.4963.1000| 4627144| 16-Aug-17| 08:25 \nxllex.dll_1054| xllex.dll| 15.0.4569.1000| 39592| 16-Aug-17| 08:25 \nxlintl32.dll_1055| xlintl32.dll| 15.0.4963.1000| 4906752| 16-Aug-17| 08:25 \nxllex.dll_1055| xllex.dll| 15.0.4569.1000| 65216| 16-Aug-17| 08:25 \nxlintl32.dll_1058| xlintl32.dll| 15.0.4963.1000| 4881096| 16-Aug-17| 08:25 \nxllex.dll_1058| xllex.dll| 15.0.4569.1000| 40616| 16-Aug-17| 08:25 \nxlintl32.dll_1066| xlintl32.dll| 15.0.4963.1000| 4938440| 16-Aug-17| 08:25 \nxllex.dll_1066| xllex.dll| 15.0.4569.1000| 59048| 16-Aug-17| 08:25 \nxlintl32.dll_2052| xlintl32.dll| 15.0.4963.1000| 4112584| 16-Aug-17| 08:25 \nxllex.dll_2052| xllex.dll| 15.0.4569.1000| 49320| 16-Aug-17| 08:25 \nxlintl32.dll_1028| xlintl32.dll| 15.0.4963.1000| 4128968| 16-Aug-17| 08:25 \nxllex.dll_1028| xllex.dll| 15.0.4569.1000| 47272| 16-Aug-17| 08:25 \nsolver.xlam_1029| solver.xlam| | 397214| 16-Aug-17| 08:24 \nsolver.xlam_1030| solver.xlam| | 402502| 16-Aug-17| 08:24 \nsolver.xlam_1031| solver.xlam| | 402241| 16-Aug-17| 08:24 \nsolver.xlam_1032| solver.xlam| | 396750| 16-Aug-17| 08:24 \nsolver.xlam_3082| solver.xlam| | 402150| 16-Aug-17| 08:24 \nsolver.xlam_1035| solver.xlam| | 404077| 16-Aug-17| 08:24 \nsolver.xlam_1036| solver.xlam| | 404116| 16-Aug-17| 08:24 \nsolver.xlam_1050| solver.xlam| | 396596| 16-Aug-17| 08:24 \nsolver.xlam_1038| solver.xlam| | 396418| 16-Aug-17| 08:24 \nsolver.xlam_1040| solver.xlam| | 403485| 16-Aug-17| 08:24 \nsolver.xlam_1041| solver.xlam| | 395776| 16-Aug-17| 08:24 \nsolver.xlam_1042| solver.xlam| | 395586| 16-Aug-17| 08:24 \nsolver.xlam_1044| solver.xlam| | 403121| 16-Aug-17| 08:24 \nsolver.xlam_1043| solver.xlam| | 402507| 16-Aug-17| 08:24 \nsolver.xlam_1045| solver.xlam| | 395431| 16-Aug-17| 08:24 \nsolver.xlam_1046| solver.xlam| | 395758| 16-Aug-17| 08:24 \nsolver.xlam_2070| solver.xlam| | 396687| 16-Aug-17| 08:25 \nsolver.xlam_1048| solver.xlam| | 396270| 16-Aug-17| 08:25 \nsolver.xlam_1049| solver.xlam| | 397693| 16-Aug-17| 08:25 \nsolver.xlam_1051| solver.xlam| | 396458| 16-Aug-17| 08:25 \nsolver.xlam_1060| solver.xlam| | 399998| 16-Aug-17| 08:25 \nsolver.xlam_1053| solver.xlam| | 402794| 16-Aug-17| 08:25 \nsolver.xlam_1055| solver.xlam| | 396389| 16-Aug-17| 08:25 \nsolver.xlam_1058| solver.xlam| | 397706| 16-Aug-17| 08:25 \nsolver.xlam_2052| solver.xlam| | 395018| 16-Aug-17| 08:25 \nsolver.xlam_1028| solver.xlam| | 394778| 16-Aug-17| 08:25 \nxlicons.exe| xlicons.exe| 15.0.4553.1000| 3685544| 15-Aug-17| 09:03 \nxlintl32.rest.idx_dll_1025| xlintl32.rest.idx_dll| 15.0.4709.1000| 385184| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1026| xlintl32.dll.idx_dll| 15.0.4460.1000| 100416| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1026| xlintl32.rest.idx_dll| 15.0.4709.1000| 407720| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1029| xlintl32.dll.idx_dll| 15.0.4448.1000| 99392| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1029| xlintl32.rest.idx_dll| 15.0.4709.1000| 396456| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1030| xlintl32.dll.idx_dll| 15.0.4442.1000| 97920| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1030| xlintl32.rest.idx_dll| 15.0.4709.1000| 398504| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1031| xlintl32.dll.idx_dll| 15.0.4937.1000| 108224| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1031| xlintl32.rest.idx_dll| 15.0.4963.1000| 409800| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1032| xlintl32.dll.idx_dll| 15.0.4448.1000| 99408| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1032| xlintl32.rest.idx_dll| 15.0.4709.1000| 398504| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1033| xlintl32.rest.idx_dll| 15.0.4703.1000| 407232| 15-Aug-17| 09:03 \nxlintl32.rest.idx_dll_3082| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1061| xlintl32.dll.idx_dll| 15.0.4460.1000| 99904| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1061| xlintl32.rest.idx_dll| 15.0.4709.1000| 404136| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1035| xlintl32.dll.idx_dll| 15.0.4442.1000| 98944| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1035| xlintl32.rest.idx_dll| 15.0.4937.1000| 407744| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1036| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1037| xlintl32.rest.idx_dll| 15.0.4709.1000| 386720| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1081| xlintl32.dll.idx_dll| 15.0.4442.1000| 97920| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1081| xlintl32.rest.idx_dll| 15.0.4709.1000| 392352| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1050| xlintl32.dll.idx_dll| 15.0.4481.1000| 101440| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1050| xlintl32.rest.idx_dll| 15.0.4709.1000| 408744| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1038| xlintl32.dll.idx_dll| 15.0.4448.1000| 101440| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1038| xlintl32.rest.idx_dll| 15.0.4709.1000| 396960| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1057| xlintl32.dll.idx_dll| 15.0.4469.1000| 99408| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1057| xlintl32.rest.idx_dll| 15.0.4709.1000| 403616| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1040| xlintl32.rest.idx_dll| 15.0.4763.1000| 400552| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1041| xlintl32.rest.idx_dll| 15.0.4709.1000| 381088| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1087| xlintl32.dll.idx_dll| 15.0.4460.1000| 97856| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1087| xlintl32.rest.idx_dll| 15.0.4709.1000| 400552| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1042| xlintl32.rest.idx_dll| 15.0.4709.1000| 379040| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1063| xlintl32.dll.idx_dll| 15.0.4466.1000| 100928| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1063| xlintl32.rest.idx_dll| 15.0.4709.1000| 406688| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1062| xlintl32.dll.idx_dll| 15.0.4466.1000| 100928| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1062| xlintl32.rest.idx_dll| 15.0.4709.1000| 405152| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1086| xlintl32.dll.idx_dll| 15.0.4481.1000| 98896| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1086| xlintl32.rest.idx_dll| 15.0.4709.1000| 403616| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1044| xlintl32.dll.idx_dll| 15.0.4442.1000| 97408| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1044| xlintl32.rest.idx_dll| 15.0.4727.1000| 400040| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1043| xlintl32.rest.idx_dll| 15.0.4963.1000| 407752| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_1045| xlintl32.dll.idx_dll| 15.0.4442.1000| 100464| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1045| xlintl32.rest.idx_dll| 15.0.4709.1000| 397472| 16-Aug-17| 08:24 \nxlintl32.rest.idx_dll_1046| xlintl32.rest.idx_dll| 15.0.4709.1000| 408744| 16-Aug-17| 08:24 \nxlintl32.dll.idx_dll_2070| xlintl32.dll.idx_dll| 15.0.4442.1000| 99440| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_2070| xlintl32.rest.idx_dll| 15.0.4709.1000| 402592| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1048| xlintl32.dll.idx_dll| 15.0.4454.1000| 99392| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1048| xlintl32.rest.idx_dll| 15.0.4709.1000| 393896| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1049| xlintl32.rest.idx_dll| 15.0.4709.1000| 406688| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1051| xlintl32.dll.idx_dll| 15.0.4466.1000| 98880| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1051| xlintl32.rest.idx_dll| 15.0.4709.1000| 397984| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1060| xlintl32.dll.idx_dll| 15.0.4463.1000| 99904| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1060| xlintl32.rest.idx_dll| 15.0.4709.1000| 399520| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_2074| xlintl32.dll.idx_dll| 15.0.4460.1000| 100944| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_2074| xlintl32.rest.idx_dll| 15.0.4709.1000| 408224| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1053| xlintl32.dll.idx_dll| 15.0.4442.1000| 96880| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1053| xlintl32.rest.idx_dll| 15.0.4709.1000| 397984| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1054| xlintl32.dll.idx_dll| 15.0.4454.1000| 97856| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1054| xlintl32.rest.idx_dll| 15.0.4709.1000| 392360| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1055| xlintl32.dll.idx_dll| 15.0.4454.1000| 101440| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1055| xlintl32.rest.idx_dll| 15.0.4709.1000| 402592| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1058| xlintl32.dll.idx_dll| 15.0.4448.1000| 102464| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1058| xlintl32.rest.idx_dll| 15.0.4709.1000| 407208| 16-Aug-17| 08:25 \nxlintl32.dll.idx_dll_1066| xlintl32.dll.idx_dll| 15.0.4481.1000| 100416| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1066| xlintl32.rest.idx_dll| 15.0.4709.1000| 410272| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_2052| xlintl32.rest.idx_dll| 15.0.4709.1000| 380064| 16-Aug-17| 08:25 \nxlintl32.rest.idx_dll_1028| xlintl32.rest.idx_dll| 15.0.4709.1000| 381088| 16-Aug-17| 08:25 \nexptoows.xla.1025| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1026| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1027| exptoows.xla| | 114688| | \nexptoows.xla.1028| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1029| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1030| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1031| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1032| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1033| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1035| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1036| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1037| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1038| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1039| exptoows.xla| | 114688| | \nexptoows.xla.1040| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1041| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1042| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1043| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1044| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1045| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1046| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1048| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1049| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1050| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1051| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1052| exptoows.xla| | 114688| | \nexptoows.xla.1053| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1054| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1055| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1056| exptoows.xla| | 114688| | \nexptoows.xla.1057| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1058| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1059| exptoows.xla| | 114688| | \nexptoows.xla.1060| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1061| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1062| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1063| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1064| exptoows.xla| | 114688| | \nexptoows.xla.1065| exptoows.xla| | 114688| | \nexptoows.xla.1066| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1067| exptoows.xla| | 114688| | \nexptoows.xla.1068| exptoows.xla| | 114688| | \nexptoows.xla.1069| exptoows.xla| | 114688| | \nexptoows.xla.1071| exptoows.xla| | 114688| | \nexptoows.xla.1074| exptoows.xla| | 114688| | \nexptoows.xla.1076| exptoows.xla| | 114688| | \nexptoows.xla.1077| exptoows.xla| | 114688| | \nexptoows.xla.1078| exptoows.xla| | 114688| | \nexptoows.xla.1079| exptoows.xla| | 114688| | \nexptoows.xla.1081| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1082| exptoows.xla| | 114688| | \nexptoows.xla.1086| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1087| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.1088| exptoows.xla| | 114688| | \nexptoows.xla.1089| exptoows.xla| | 114688| | \nexptoows.xla.1090| exptoows.xla| | 114688| | \nexptoows.xla.1091| exptoows.xla| | 114688| | \nexptoows.xla.1092| exptoows.xla| | 114688| | \nexptoows.xla.1093| exptoows.xla| | 114688| | \nexptoows.xla.1094| exptoows.xla| | 114688| | \nexptoows.xla.1095| exptoows.xla| | 114688| | \nexptoows.xla.1096| exptoows.xla| | 114688| | \nexptoows.xla.1097| exptoows.xla| | 114688| | \nexptoows.xla.1098| exptoows.xla| | 114688| | \nexptoows.xla.1099| exptoows.xla| | 114688| | \nexptoows.xla.1100| exptoows.xla| | 114688| | \nexptoows.xla.1101| exptoows.xla| | 114688| | \nexptoows.xla.1102| exptoows.xla| | 114688| | \nexptoows.xla.1104| exptoows.xla| | 114688| | \nexptoows.xla.1106| exptoows.xla| | 114688| | \nexptoows.xla.1107| exptoows.xla| | 114688| | \nexptoows.xla.1110| exptoows.xla| | 114688| | \nexptoows.xla.1111| exptoows.xla| | 114688| | \nexptoows.xla.1115| exptoows.xla| | 114688| | \nexptoows.xla.1116| exptoows.xla| | 114688| | \nexptoows.xla.1118| exptoows.xla| | 114688| | \nexptoows.xla.1121| exptoows.xla| | 114688| | \nexptoows.xla.1124| exptoows.xla| | 114688| | \nexptoows.xla.1128| exptoows.xla| | 114688| | \nexptoows.xla.1130| exptoows.xla| | 114688| | \nexptoows.xla.1132| exptoows.xla| | 114688| | \nexptoows.xla.1134| exptoows.xla| | 114688| | \nexptoows.xla.1136| exptoows.xla| | 114688| | \nexptoows.xla.1139| exptoows.xla| | 114688| | \nexptoows.xla.1152| exptoows.xla| | 114688| | \nexptoows.xla.1153| exptoows.xla| | 114688| | \nexptoows.xla.1158| exptoows.xla| | 114688| | \nexptoows.xla.1159| exptoows.xla| | 114688| | \nexptoows.xla.1160| exptoows.xla| | 114688| | \nexptoows.xla.1164| exptoows.xla| | 114688| | \nexptoows.xla.1169| exptoows.xla| | 114688| | \nexptoows.xla.1170| exptoows.xla| | 114688| | \nexptoows.xla.2051| exptoows.xla| | 114688| | \nexptoows.xla.2052| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.2068| exptoows.xla| | 114688| | \nexptoows.xla.2070| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.2074| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.2108| exptoows.xla| | 114688| | \nexptoows.xla.2117| exptoows.xla| | 114688| | \nexptoows.xla.2118| exptoows.xla| | 114688| | \nexptoows.xla.2137| exptoows.xla| | 114688| | \nexptoows.xla.2141| exptoows.xla| | 114688| | \nexptoows.xla.3082| exptoows.xla| | 114688| 15-Aug-17| 09:04 \nexptoows.xla.3098| exptoows.xla| | 114688| | \nexptoows.xla.3179| exptoows.xla| | 114688| | \nexptoows.xla.5146| exptoows.xla| | 114688| | \nexptoows.xla.7194| exptoows.xla| | 114688| | \nexcel.veman.xml| excel.visualelementsmanifest.xml| | 338| 15-Aug-17| 09:03 \nxlintl32.dll_1033| xlintl32.dll| 15.0.4703.1000| 4483768| 15-Aug-17| 09:03 \nxlintl32.fallback.dll.1033| xlintl32.dll| 15.0.4703.1000| 4483768| 15-Aug-17| 09:03 \nxllex.dll_1033| xllex.dll| 15.0.4569.1000| 37568| 15-Aug-17| 09:03 \nexcel.exe| excel.exe| 15.0.4963.1000| 33048256| 15-Aug-17| 09:03 \nexcel.man| excel.exe.manifest| | 1227| 15-Aug-17| 09:03 \nxl12cnv.exe| excelcnv.exe| 15.0.4963.1000| 29511872| 15-Aug-17| 09:03 \nxlsrv.ecs.excelcnv.exe| excelcnv.exe| 15.0.4963.1000| 29511872| 15-Aug-17| 09:03 \nxl12cnvp.dll| excelcnvpxy.dll| 15.0.4454.1000| 48704| 15-Aug-17| 09:03 \nxlcall32.dll| xlcall32.dll| 15.0.4454.1000| 10856| 15-Aug-17| 09:03 \nsolver.xlam_1025| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1026| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1033| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1037| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1054| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1057| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1061| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1062| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1063| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1066| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1081| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1086| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_1087| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver.xlam_2074| solver.xlam| | 426707| 16-Aug-17| 08:24 \nsolver32.dll_1025| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1026| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1028| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1029| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1030| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1031| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1032| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1033| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1035| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1036| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1037| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1038| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1040| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1041| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1042| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1043| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1044| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1045| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1046| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1048| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1049| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1050| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1051| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1053| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1054| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1055| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1057| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1058| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1060| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1061| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1062| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1063| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1066| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1081| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1086| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_1087| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_2052| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_2070| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_2074| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \nsolver32.dll_3082| solver32.dll| 15.0.4454.1000| 216136| 15-Aug-17| 09:03 \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Description of the security update for Excel 2013: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8631", "CVE-2017-8632"], "modified": "2017-09-12T07:00:00", "id": "KB4011108", "href": "https://support.microsoft.com/en-us/help/4011108", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T10:16:06", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>), and [Microsoft Common Vulnerabilities and Exposures CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>). \n \n**Note** To apply this security update, you must have the release version of Excel 2016 installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issues:\n\n * VBA code in Excel 2016 has worse performance than in Excel 2010.\n * Assume that you run a macro to hide a shape in a worksheet in Excel 2016. After you copy cells that contain the invisible shape and paste to a Word document, the shape becomes visible.\n * Improve the translation for the following in Excel 2016:\n * The description for the T function in German\n * Warning message when you delete a row in filtered table in Dutch\n * When you drag an object from another application to a workbook in Excel 2016, the object is dropped at a different position.\n * Add some Get $ Transform features in Excel 2016. See KB4011114 for more information.\n * Excel 2016 may crash when filtering PivotTable in a workbook.\n * Document Inspector seems to freeze when you open some files and then return to it.\n * Excel 2016 may crash when you convert data model PivotTables to formulas and then undo the operation.\n * The drill down of data model PivotTables doesn't include enough fields (foreign key should be included).\n * The connection name of a data model that is created in Excel 2010 is changed in Excel 2016 before the data mode upgrade.\n * Online Analytical Processing (OLAP) PivotTable field list is not updated after you create the first MDX calculated measure.\n * When you undo a sheet-insertion operation for a PivotTable list formula in Excel 2016, Excel 2016 may crash.\n * Power Pivot freezes when you delete a column from a data model.\n * Excel crashes after you undo the change of the table style layout of a Pivot Table.\n * When you select **Summarize with PivotTable** from the **Tell Me** drop-down list in Excel 2016, Excel 2016 may crash if the chart sheet is active.\n * The drill down of Pivot Table does not generate the following error message:\n\nMembers, tuples, or sets must use the same hierarchies in the function.\n\n * You can't commit changes to the provider definitions of PowerPivot data.\n * PowerPivot can't load the data model when you upgrade the data model in a workbook that is opened from SharePoint.\n * You can't load tables in PowerPivot, and you experience an unhandled exception when the PowerPivot window is opened on a large display screen.\n * When you try to create a new Pivot Table from the PowerPivot window, you receive the following error message:\n\nException has been thrown by the target of an invocation.\n\n * The current selection is replaced by the table name after you change the PowerPivot window size.\n * When you delete a sheet for the data model of PowerPivot in Excel 2016, Excel 2016 may crash.\n * After you delete the data connection and then undo the operation, Excel 2016 freezes or crashes.\n\n## Known issues\n\nAfter this update is installed, black borders may appear around rows or cells in Microsoft Excel spreadsheets when you enter text. To fix this issue, install September 12, 2017, update for Excel 2016 (KB4011165).\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB4011050>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download the security update KB4011050 for the 32-bit version of Excel 2016](<http://www.microsoft.com/download/details.aspx?familyid=27248e4e-86c1-41d6-a6cd-2eaedc199358>)\n * [Download the security update KB4011050 for the 64-bit version of Excel 2016](<http://www.microsoft.com/download/details.aspx?familyid=6b1a3077-183a-4b80-85a5-e46d4906b744>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [KB3203477](<http://support.microsoft.com/kb/3203477>).\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \nexcel2016-kb4011050-fullfile-x64-glb.exe| 94F9134EA5F87CB1B5087F9592A5697303C2C004| 038AE7BA13DB714A822F3715910B385246A7C43A4164CD5A19E9D199C3156650 \nexcel2016-kb4011050-fullfile-x86-glb.exe| 0CB28FAD51B93411C1E824856622E30F0FE0321C| 15CAF33D435C4AB6D8E084EAE530E932865DC2CD207F6A747135230F91E41487 \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \nFor all supported x86-based versions of Excel 2016| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nxlintl32.dll_1025| xlintl32.dll| 16.0.4573.1000| 17105088| 16-Aug-17| 12:42 \nxlintl32.dll_1026| xlintl32.dll| 16.0.4573.1000| 17149632| 16-Aug-17| 12:42 \nxlintl32.dll_1029| xlintl32.dll| 16.0.4573.1000| 17182960| 16-Aug-17| 12:42 \nxlintl32.dll_1030| xlintl32.dll| 16.0.4573.1000| 17085176| 16-Aug-17| 12:42 \nxllex.dll_1030| xllex.dll| 16.0.4573.1000| 46328| 16-Aug-17| 12:42 \nxlintl32.dll_1031| xlintl32.dll| 16.0.4588.1000| 17223936| 16-Aug-17| 11:54 \nxlintl32.dll_1032| xlintl32.dll| 16.0.4573.1000| 17255616| 16-Aug-17| 12:42 \nxlintl32.dll_3082| xlintl32.dll| 16.0.4573.1000| 17134352| 16-Aug-17| 12:42 \nxlintl32.dll_1061| xlintl32.dll| 16.0.4573.1000| 17072384| 16-Aug-17| 12:42 \nxlintl32.dll_1035| xlintl32.dll| 16.0.4573.1000| 17083112| 16-Aug-17| 12:43 \nxlintl32.dll_1036| xlintl32.dll| 16.0.4573.1000| 17205496| 16-Aug-17| 12:43 \nxlintl32.dll_1037| xlintl32.dll| 16.0.4573.1000| 17040064| 16-Aug-17| 12:43 \nxlintl32.dll_1081| xlintl32.dll| 16.0.4573.1000| 17187520| 16-Aug-17| 12:43 \nxlintl32.dll_1050| xlintl32.dll| 16.0.4573.1000| 17109800| 16-Aug-17| 12:43 \nxlintl32.dll_1038| xlintl32.dll| 16.0.4573.1000| 17194736| 16-Aug-17| 12:43 \nxlintl32.dll_1057| xlintl32.dll| 16.0.4573.1000| 17077496| 16-Aug-17| 12:43 \nxlintl32.dll_1040| xlintl32.dll| 16.0.4573.1000| 17120528| 16-Aug-17| 12:43 \nxlintl32.dll_1041| xlintl32.dll| 16.0.4573.1000| 17137856| 16-Aug-17| 12:42 \nxlintl32.dll_1087| xlintl32.dll| 16.0.4573.1000| 17205952| 16-Aug-17| 12:43 \nxlintl32.dll_1042| xlintl32.dll| 16.0.4573.1000| 17121472| 16-Aug-17| 12:43 \nxlintl32.dll_1063| xlintl32.dll| 16.0.4573.1000| 17154824| 16-Aug-17| 12:43 \nxlintl32.dll_1062| xlintl32.dll| 16.0.4573.1000| 17129728| 16-Aug-17| 12:43 \nxlintl32.dll_1086| xlintl32.dll| 16.0.4573.1000| 17082104| 16-Aug-17| 12:43 \nxlintl32.dll_1044| xlintl32.dll| 16.0.4573.1000| 17069816| 16-Aug-17| 12:43 \nxlintl32.dll_1043| xlintl32.dll| 16.0.4588.1000| 17129216| 16-Aug-17| 11:55 \nxlintl32.dll_1045| xlintl32.dll| 16.0.4573.1000| 17200416| 16-Aug-17| 12:43 \nxlintl32.dll_1046| xlintl32.dll| 16.0.4573.1000| 17148688| 16-Aug-17| 12:43 \nxlintl32.dll_2070| xlintl32.dll| 16.0.4573.1000| 17150224| 16-Aug-17| 12:43 \nxlintl32.dll_1048| xlintl32.dll| 16.0.4573.1000| 17206016| 16-Aug-17| 12:43 \nxlintl32.dll_1049| xlintl32.dll| 16.0.4573.1000| 17140928| 16-Aug-17| 12:43 \nxlintl32.dll_1051| xlintl32.dll| 16.0.4573.1000| 17195272| 16-Aug-17| 12:43 \nxlintl32.dll_1060| xlintl32.dll| 16.0.4573.1000| 17119016| 16-Aug-17| 12:43 \nxlintl32.dll_2074| xlintl32.dll| 16.0.4567.1000| 17133352| 16-Aug-17| 12:43 \nxlintl32.dll_9242| xlintl32.dll| 16.0.4573.1000| 17132840| 16-Aug-17| 12:43 \nxlintl32.dll_1053| xlintl32.dll| 16.0.4573.1000| 17075968| 16-Aug-17| 12:43 \nxlintl32.dll_1054| xlintl32.dll| 16.0.4573.1000| 17142976| 16-Aug-17| 12:43 \nxlintl32.dll_1055| xlintl32.dll| 16.0.4573.1000| 17181944| 16-Aug-17| 12:43 \nxlintl32.dll_1058| xlintl32.dll| 16.0.4573.1000| 17145536| 16-Aug-17| 12:43 \nxlintl32.dll_1066| xlintl32.dll| 16.0.4573.1000| 17197248| 16-Aug-17| 12:43 \nxlintl32.dll_2052| xlintl32.dll| 16.0.4573.1000| 16974016| 16-Aug-17| 12:43 \nxlintl32.dll_1028| xlintl32.dll| 16.0.4573.1000| 16987848| 16-Aug-17| 12:43 \nclient.models.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.client.models.dll| | 138952| 15-Aug-17| 01:03 \nclient.windows.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.client.windows.dll| | 40614088| 15-Aug-17| 01:03 \ncontainer35.exe.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.container.exe| | 26904| 15-Aug-17| 01:03 \ncontainer40.exe.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.container.netfx40.exe| | 27416| 15-Aug-17| 01:03 \ncontainer45.exe.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.container.netfx45.exe| | 27416| 15-Aug-17| 01:03 \ndocument.af_za.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220864| 15-Aug-17| 01:03 \ndocument.am_et.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 265928| 15-Aug-17| 01:03 \ndocument.ar_sa.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 261832| 15-Aug-17| 01:03 \ndocument.as_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 323272| 15-Aug-17| 01:03 \ndocument.az_latn_az.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 237256| 15-Aug-17| 01:03 \ndocument.be_by.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.bg_bg.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 282312| 15-Aug-17| 01:03 \ndocument.bn_bd.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 323272| 15-Aug-17| 01:03 \ndocument.bn_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 331464| 15-Aug-17| 01:03 \ndocument.bs_latn_ba.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.ca_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229056| 15-Aug-17| 01:03 \ndocument.ca_es_valencia.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.cs_cz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.cy_gb.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224960| 15-Aug-17| 01:03 \ndocument.da_dk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.de_de.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.dll| | 2593992| 15-Aug-17| 01:03 \ndocument.el_gr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 298696| 15-Aug-17| 01:03 \ndocument.es_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.et_ee.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220872| 15-Aug-17| 01:03 \ndocument.eu_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.fa_ir.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 257736| 15-Aug-17| 01:03 \ndocument.fi_fi.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.fil_ph.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.fr_fr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.ga_ie.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.gd_gb.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 241352| 15-Aug-17| 01:03 \ndocument.gl_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.gu_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 315080| 15-Aug-17| 01:03 \ndocument.he_il.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 253640| 15-Aug-17| 01:03 \ndocument.hi_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 315080| 15-Aug-17| 01:03 \ndocument.hr_hr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.hu_hu.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.hy_am.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 282312| 15-Aug-17| 01:03 \ndocument.id_id.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220872| 15-Aug-17| 01:03 \ndocument.is_is.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.it_it.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.ja_jp.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 249544| 15-Aug-17| 01:03 \ndocument.ka_ge.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 339648| 15-Aug-17| 01:03 \ndocument.kk_kz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.km_kh.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 323272| 15-Aug-17| 01:03 \ndocument.kn_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 331464| 15-Aug-17| 01:03 \ndocument.ko_kr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233152| 15-Aug-17| 01:03 \ndocument.kok_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 319176| 15-Aug-17| 01:03 \ndocument.ky_kg.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.lb_lu.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.lt_lt.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.lv_lv.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.mi_nz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.mk_mk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 282312| 15-Aug-17| 01:03 \ndocument.ml_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 356040| 15-Aug-17| 01:03 \ndocument.mn_mn.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.mr_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 315080| 15-Aug-17| 01:03 \ndocument.ms_my.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220872| 15-Aug-17| 01:03 \ndocument.mt_mt.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.nb_no.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220872| 15-Aug-17| 01:03 \ndocument.ne_np.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 331464| 15-Aug-17| 01:03 \ndocument.nl_nl.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229056| 15-Aug-17| 01:03 \ndocument.nn_no.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 220872| 15-Aug-17| 01:03 \ndocument.or_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 339656| 15-Aug-17| 01:03 \ndocument.pa_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 310984| 15-Aug-17| 01:03 \ndocument.pl_pl.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.prs_af.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 261832| 15-Aug-17| 01:03 \ndocument.pt_br.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.pt_pt.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.quz_pe.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.ro_ro.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.ru_ru.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 278216| 15-Aug-17| 01:03 \ndocument.sd_arab_pk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 257736| 15-Aug-17| 01:03 \ndocument.si_lk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 315080| 15-Aug-17| 01:03 \ndocument.sk_sk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.sl_si.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.sq_al.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 233160| 15-Aug-17| 01:03 \ndocument.sr_cyrl_ba.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.sr_cyrl_rs.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.sr_latn_cs.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.sr_latn_rs.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.sv_se.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.sw_ke.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \nanalys32.xll_1033| analys32.xll| | 212680| 15-Aug-17| 01:02 \nanalys32.xll_1035| analys32.xll| | 212680| 15-Aug-17| 01:02 \ndocument.ta_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 351936| 15-Aug-17| 01:03 \ndocument.te_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 331464| 15-Aug-17| 01:03 \ndocument.th_th.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 315080| 15-Aug-17| 01:03 \ndocument.tk_tm.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224968| 15-Aug-17| 01:03 \ndocument.tr_tr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 224960| 15-Aug-17| 01:03 \ndocument.tt_ru.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 270024| 15-Aug-17| 01:03 \ndocument.ug_cn.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 274120| 15-Aug-17| 01:03 \ndocument.uk_ua.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 278216| 15-Aug-17| 01:03 \ndocument.ur_pk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 265928| 15-Aug-17| 01:03 \ndocument.uz_latn_uz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 229064| 15-Aug-17| 01:03 \ndocument.vi_vn.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 245448| 15-Aug-17| 01:03 \ndocument.xmlserializers.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.xmlserializers.dll| | 974536| 15-Aug-17| 01:03 \ndocument.zh_cn.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 212680| 15-Aug-17| 01:03 \ndocument.zh_tw.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.document.resources.dll| | 216776| 15-Aug-17| 01:03 \ndocumentformat.openxml.dll.07275332_82e4_4820_9fdd_2423cd8daa85| documentformat.openxml.dll| | 0| 15-Aug-17| 01:03 \ndocumentservices.af_za.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \nanalys32.xll_1036| analys32.xll| | 212680| 15-Aug-17| 01:02 \nanalys32.xll_1037| analys32.xll| | 212680| 15-Aug-17| 01:02 \ndocumentservices.am_et.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.ar_sa.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.as_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.az_latn_az.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.be_by.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.bg_bg.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.bn_bd.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.bn_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57024| 15-Aug-17| 01:03 \ndocumentservices.bs_latn_ba.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.ca_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.ca_es_valencia.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.cs_cz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.cy_gb.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.da_dk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.de_de.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.dll| | 317640| 15-Aug-17| 01:03 \ndocumentservices.el_gr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.es_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.et_ee.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.eu_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.fa_ir.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.fi_fi.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.fil_ph.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.fr_fr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.ga_ie.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.gd_gb.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.gl_es.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.gu_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.he_il.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.hi_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57024| 15-Aug-17| 01:03 \ndocumentservices.hr_hr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.hu_hu.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.hy_am.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.id_id.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.is_is.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48832| 15-Aug-17| 01:03 \ndocumentservices.it_it.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.ja_jp.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.ka_ge.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57024| 15-Aug-17| 01:03 \ndocumentservices.kk_kz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.km_kh.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.kn_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.ko_kr.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.kok_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.ky_kg.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.lb_lu.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.lt_lt.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48832| 15-Aug-17| 01:03 \ndocumentservices.lv_lv.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.mi_nz.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-Aug-17| 01:03 \ndocumentservices.mk_mk.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.ml_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.mn_mn.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 52936| 15-Aug-17| 01:03 \ndocumentservices.mr_in.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 57032| 15-Aug-17| 01:03 \ndocumentservices.ms_my.resources.dll.07275332_82e4_4820_9fdd_2423cd8daa85| microsoft.mashup.documentservices.resources.dll| | 48840| 15-A
KLA11100 Multiple vulnerabilities in Microsoft Office
