Description of the security update for Office 2016: September 12, 2017

2017-09-12T07:00:00

Description

None ## Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>). **Note** To apply this security update, you must have the release version of Office 2016 installed on the computer. ## Improvements and fixes This security update contains improvements and fixes for the following nonsecurity issue: * After you export .emf files as .pdf files in Visio 2016, the line weights are displayed incorrectly. ## How to get and install the update ### Method 1: Microsoft Update This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>). ### Method 2: Microsoft Update Catalog To get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3203474>) website. ### Method 3: Microsoft Download Center You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update. * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download the security update KB3203474 for the 32-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=ac7f11ed-895c-41c5-90a9-08cb58ab47a3>) * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download the security update KB3203474 for the 64-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=faba99a6-ed11-43a7-ba1b-b0126dd29ec7>) ## More Information ### Security update deployment information For deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>). ### Security update replacement information This security update doesn't replace any previously released update. ### File hash information Package Name| Package Hash SHA 1| Package Hash SHA 2 ---|---|--- oart2016-kb3203474-fullfile-x86-glb.exe| 0E7DE69E6EB31F57D32DE1740ACD1379643E60B3| 2E46F10D02330F5BB7D212E6C3F23E26D382A438F0B48705ADCE60EF96DD7E47 oart2016-kb3203474-fullfile-x64-glb.exe| 4B1D8E7F5848594D5E6DAF30C3C09DD6685294B1| 2AAE5B01F75C0834B4A258A5EFC09B369CFBFEACD8A677797F382819602EFF7F ### File information The English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. For all supported x86-based versions of Office 2016| File identifier| File name| File version| File size| Date| Time ---|---|---|---|---|--- igx.dll| igx.dll| 16.0.4588.1000| 9744568| 16-Aug-17| 11:54 oart.dll| oart.dll| 16.0.4588.1000| 12532944| 16-Aug-17| 11:54 oartodf.dll| oartodf.dll| 16.0.4588.1000| 1834720| 16-Aug-17| 11:54 For all supported x64-based versions of Office 2016File identifier| File name| File version| File size| Date| Time ---|---|---|---|---|--- igx.dll| igx.dll| 16.0.4588.1000| 11260600| 16-Aug-17| 11:56 xlsrv.ecs.igx.dll| igx.dll| 16.0.4588.1000| 11260600| | oart.dll| oart.dll| 16.0.4588.1000| 18272464| 16-Aug-17| 11:56 xlsrv.ecs.oart.dll| oart.dll| 16.0.4588.1000| 18272464| | oartodf.dll| oartodf.dll| 16.0.4588.1000| 3311328| 16-Aug-17| 11:56 xlsrv.ecs.oartodf.dll| oartodf.dll| 16.0.4588.1000| 3311328| | ## How to get help and support for this security update Help for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)

{"id": "KB3203474", "vendorId": null, "type": "mskb", "bulletinFamily": "microsoft", "title": "Description of the security update for Office 2016: September 12, 2017", "description": "None\n## Summary\n\nThis security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>). \n \n**Note** To apply this security update, you must have the release version of Office 2016 installed on the computer.\n\n## Improvements and fixes\n\nThis security update contains improvements and fixes for the following nonsecurity issue: \n\n\n * After you export .emf files as .pdf files in Visio 2016, the line weights are displayed incorrectly.\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB3203474>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download the security update KB3203474 for the 32-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=ac7f11ed-895c-41c5-90a9-08cb58ab47a3>)\n * ![Download icon](https://support.content.office.net/en-us/media/2ae362dc-2179-d733-e930-e231c68a2c4a.png)[Download the security update KB3203474 for the 64-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=faba99a6-ed11-43a7-ba1b-b0126dd29ec7>)\n\n## More Information\n\n### Security update deployment information\n\nFor deployment information about this update, see [security update deployment information: September 12, 2017](<https://support.microsoft.com/en-us/help/20170912>).\n\n### Security update replacement information\n\nThis security update doesn't replace any previously released update.\n\n### File hash information\n\nPackage Name| Package Hash SHA 1| Package Hash SHA 2 \n---|---|--- \noart2016-kb3203474-fullfile-x86-glb.exe| 0E7DE69E6EB31F57D32DE1740ACD1379643E60B3| 2E46F10D02330F5BB7D212E6C3F23E26D382A438F0B48705ADCE60EF96DD7E47 \noart2016-kb3203474-fullfile-x64-glb.exe| 4B1D8E7F5848594D5E6DAF30C3C09DD6685294B1| 2AAE5B01F75C0834B4A258A5EFC09B369CFBFEACD8A677797F382819602EFF7F \n \n### File information\n\nThe English version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \nFor all supported x86-based versions of Office 2016| File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nigx.dll| igx.dll| 16.0.4588.1000| 9744568| 16-Aug-17| 11:54 \noart.dll| oart.dll| 16.0.4588.1000| 12532944| 16-Aug-17| 11:54 \noartodf.dll| oartodf.dll| 16.0.4588.1000| 1834720| 16-Aug-17| 11:54 \nFor all supported x64-based versions of Office 2016File identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nigx.dll| igx.dll| 16.0.4588.1000| 11260600| 16-Aug-17| 11:56 \nxlsrv.ecs.igx.dll| igx.dll| 16.0.4588.1000| 11260600| | \noart.dll| oart.dll| 16.0.4588.1000| 18272464| 16-Aug-17| 11:56 \nxlsrv.ecs.oart.dll| oart.dll| 16.0.4588.1000| 18272464| | \noartodf.dll| oartodf.dll| 16.0.4588.1000| 3311328| 16-Aug-17| 11:56 \nxlsrv.ecs.oartodf.dll| oartodf.dll| 16.0.4588.1000| 3311328| | \n \n## How to get help and support for this security update\n\nHelp for installing updates: [Windows Update FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>)Security solutions for IT professionals: [Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>)Help for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<https://support.microsoft.com/contactus/cu_sc_virsec_master>)Local support according to your country: [International Support](<http://support.microsoft.com>)Propose a feature or provide feedback on Office: [Office User Voice portal](<https://office.uservoice.com/>)\n", "published": "2017-09-12T07:00:00", "modified": "2017-09-12T07:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://support.microsoft.com/en-us/help/3203474", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2017-8630"], "immutableFields": [], "lastseen": "2022-08-24T11:04:47", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8744"]}, {"type": "kaspersky", "idList": ["KLA11100"]}, {"type": "mscve", "idList": ["MS:CVE-2017-8630"]}, {"type": "nessus", "idList": ["SMB_NT_MS17_SEP_OFFICE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811667"]}, {"type": "symantec", "idList": ["SMNTC-100732"]}, {"type": "talosblog", "idList": ["TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28"]}]}, "score": {"value": -0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2017-8630"]}, {"type": "kaspersky", "idList": ["KLA11100"]}, {"type": "mscve", "idList": ["MS:CVE-2017-8630"]}, {"type": "nessus", "idList": ["MICROSOFT_OFFICE_UNSUPPORTED.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811667"]}, {"type": "symantec", "idList": ["SMNTC-100732"]}, {"type": "talosblog", "idList": ["TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2017-8630", "epss": "0.062530000", "percentile": "0.924460000", "modified": "2023-03-14"}], "vulnersScore": -0.4}, "_state": {"dependencies": 1661339182, "score": 1661339543, "epss": 1678882855}, "_internal": {"score_hash": "23954b0e8c69df79308cbed728329c98"}, "kb": "KB3203474", "msrc": "", "mscve": "CVE-2017-8630", "msplatform": "", "msfamily": "Microsoft Office", "msimpact": "Remote Code Execution", "msseverity": "Important", "superseeds": [], "parentseeds": ["KB4011628"], "msproducts": ["10753", "10754"], "affectedProducts": ["Microsoft Office 2016 (32-bit edition)", "Microsoft Office 2016 (64-bit edition)"], "supportAreaPaths": [], "supportAreaPathNodes": [], "primarySupportAreaPath": []}

{"symantec": [{"lastseen": "2021-06-08T19:04:40", "description": "### Description\n\nMicrosoft Office is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Office 2016 (32-bit edition) \n * Microsoft Office 2016 (64-bit edition) \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-09-12T00:00:00", "type": "symantec", "title": "Microsoft Office CVE-2017-8630 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-8630"], "modified": "2017-09-12T00:00:00", "id": "SMNTC-100732", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/100732", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-08T23:24:24", "description": "This host is missing an important security\n update according to Microsoft KB3203474", "cvss3": {}, "published": "2017-09-13T00:00:00", "type": "openvas", "title": "Microsoft Office 2016 Remote Code Execution Vulnerability (KB3203474)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8630"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310811667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811667", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Office 2016 Remote Code Execution Vulnerability (KB3203474)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811667\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-8630\");\n script_bugtraq_id(100732);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-09-13 09:18:23 +0530 (Wed, 13 Sep 2017)\");\n script_name(\"Microsoft Office 2016 Remote Code Execution Vulnerability (KB3203474)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB3203474\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in\n Microsoft Office software when it fails to properly handle objects in\n memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited the vulnerability could use a specially\n crafted file to perform actions in the security context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Office 2016.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/3203474\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_office_products_version_900032.nasl\");\n script_mandatory_keys(\"MS/Office/Ver\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nofficeVer = get_kb_item(\"MS/Office/Ver\");\nif(!officeVer){\n exit(0);\n}\n\n# Office 2016\nif(officeVer =~ \"^16\\.\")\n{\n comPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Office\\16.0\\Access\\InstallRoot\",\n item:\"Path\");\n if(comPath)\n {\n ortVer = fetch_file_version(sysPath:comPath, file_name:\"Oart.dll\");\n if(ortVer)\n {\n if(version_in_range(version:ortVer, test_version:\"16\", test_version2:\"16.0.4588.0999\"))\n {\n report = 'File checked: ' + comPath + \"\\Oart.dll\" + '\\n' +\n 'File version: ' + ortVer + '\\n' +\n 'Vulnerable range: 16.0 - 16.0.4588.0999 \\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-03-17T02:35:24", "description": "A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.\n\nTo exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.\n\nThe security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T07:00:00", "type": "mscve", "title": "Microsoft Office Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630"], "modified": "2017-09-12T07:00:00", "id": "MS:CVE-2017-8630", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-8630", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-02-08T16:16:09", "description": "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8630", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8744"], "modified": "2017-09-21T16:10:00", "cpe": ["cpe:/a:microsoft:office:2016"], "id": "CVE-2017-8630", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8630", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:01", "description": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8631", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8744"], "modified": "2021-09-13T11:26:00", "cpe": ["cpe:/a:microsoft:excel_viewer:2007", "cpe:/a:microsoft:excel_2013_rt:-", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:excel_web_app:2013", "cpe:/a:microsoft:office_compatibility_pack:-", "cpe:/a:microsoft:excel_2010:*", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:excel_2007:-", "cpe:/a:microsoft:office_online_server:*", "cpe:/a:microsoft:office_web_apps:2013"], "id": "CVE-2017-8631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8631", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_viewer:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_2007:-:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_2013_rt:-:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_2010:*:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_web_app:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:-:sp3:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:03", "description": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8632", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8744"], "modified": "2017-09-21T15:45:00", "cpe": ["cpe:/a:microsoft:excel_for_mac:2016", "cpe:/a:microsoft:excel:2013", "cpe:/a:microsoft:excel_for_mac:2011", "cpe:/a:microsoft:excel:2010", "cpe:/a:microsoft:excel:2016", "cpe:/a:microsoft:office_compatibility_pack:*", "cpe:/a:microsoft:office_web_apps:2013"], "id": "CVE-2017-8632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8632", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_web_apps:2013:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-08T16:16:15", "description": "A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-13T01:29:00", "type": "cve", "title": "CVE-2017-8744", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8632", "CVE-2017-8731", "CVE-2017-8744"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:microsoft:office:2016", "cpe:/a:microsoft:office:2007", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2010"], "id": "CVE-2017-8744", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8744", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:34:12", "description": "The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability. In a web- based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit this vulnerability and then convince a user to open the document file.The security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Note that the Preview Pane is not an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. Note that where the severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector for this vulnerability. The security update addresses the vulnerability by correcting how GDI handles memory addresses. (CVE-2017-8676)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (September 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8630", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8742", "CVE-2017-8744"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/a:microsoft:office", "cpe:/a:microsoft:powerpoint", "cpe:/a:microsoft:excel"], "id": "SMB_NT_MS17_SEP_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/103133", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103133);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-8630\",\n \"CVE-2017-8676\",\n \"CVE-2017-8682\",\n \"CVE-2017-8695\",\n \"CVE-2017-8696\",\n \"CVE-2017-8742\",\n \"CVE-2017-8744\"\n );\n script_bugtraq_id(\n 100732,\n 100741,\n 100748,\n 100755,\n 100772,\n 100773,\n 100780\n );\n script_xref(name:\"MSKB\", value:\"4011055\");\n script_xref(name:\"MSKB\", value:\"3213649\");\n script_xref(name:\"MSKB\", value:\"4011038\");\n script_xref(name:\"MSKB\", value:\"3213626\");\n script_xref(name:\"MSKB\", value:\"3213646\");\n script_xref(name:\"MSKB\", value:\"3213641\");\n script_xref(name:\"MSKB\", value:\"3213642\");\n script_xref(name:\"MSKB\", value:\"3213564\");\n script_xref(name:\"MSKB\", value:\"3203474\");\n script_xref(name:\"MSKB\", value:\"3213638\");\n script_xref(name:\"MSKB\", value:\"4011103\");\n script_xref(name:\"MSKB\", value:\"4011126\");\n script_xref(name:\"MSKB\", value:\"4011063\");\n script_xref(name:\"MSKB\", value:\"4011062\");\n script_xref(name:\"MSKB\", value:\"3213551\");\n script_xref(name:\"MSKB\", value:\"3213631\");\n script_xref(name:\"MSFT\", value:\"MS17-4011055\");\n script_xref(name:\"MSFT\", value:\"MS17-3213649\");\n script_xref(name:\"MSFT\", value:\"MS17-4011038\");\n script_xref(name:\"MSFT\", value:\"MS17-3213626\");\n script_xref(name:\"MSFT\", value:\"MS17-3213646\");\n script_xref(name:\"MSFT\", value:\"MS17-3213641\");\n script_xref(name:\"MSFT\", value:\"MS17-3213642\");\n script_xref(name:\"MSFT\", value:\"MS17-3213564\");\n script_xref(name:\"MSFT\", value:\"MS17-3203474\");\n script_xref(name:\"MSFT\", value:\"MS17-3213638\");\n script_xref(name:\"MSFT\", value:\"MS17-4011103\");\n script_xref(name:\"MSFT\", value:\"MS17-4011126\");\n script_xref(name:\"MSFT\", value:\"MS17-4011063\");\n script_xref(name:\"MSFT\", value:\"MS17-4011062\");\n script_xref(name:\"MSFT\", value:\"MS17-3213551\");\n script_xref(name:\"MSFT\", value:\"MS17-3213631\");\n script_xref(name:\"IAVA\", value:\"2017-A-0274\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (September 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when it fails to properly\n handle objects in memory. An attacker who successfully\n exploited the vulnerability could use a specially\n crafted file to perform actions in the security context\n of the current user. For example, the file could then\n take actions on behalf of the logged-on user with the\n same permissions as the current user. Exploitation of\n this vulnerability requires that a user open a specially\n crafted file with an affected version of Microsoft\n Office software. In an email attack scenario, an\n attacker could exploit the vulnerability by sending the\n specially crafted file to the user and convincing the\n user to open the file. In a web-based attack scenario,\n an attacker could host a website (or leverage a\n compromised website that accepts or hosts user-provided\n content) that contains a specially crafted file that is\n designed to exploit the vulnerability. However, an\n attacker would have no way to force the user to visit\n the website. Instead, an attacker would have to convince\n the user to click a link, typically by way of an\n enticement in an email or Instant Messenger message, and\n then convince the user to open the specially crafted\n file. The security update addresses the vulnerability by\n correcting how Microsoft Office handles files in memory.\n (CVE-2017-8630, CVE-2017-8744)\n\n - A remote code execution vulnerability exists when the\n Windows font library improperly handles specially\n crafted embedded fonts. An attacker who successfully\n exploited this vulnerability could take control of the\n affected system. An attacker could then install\n programs; view, change, or delete data; or create new\n accounts with full user rights. Users whose accounts are\n configured to have fewer user rights on the system could\n be less impacted than users who operate with\n administrative user rights. There are multiple ways an\n attacker could exploit this vulnerability. In a web-\n based attack scenario, an attacker could host a\n specially crafted website that is designed to exploit\n this vulnerability and then convince a user to view the\n website. An attacker would have no way to force users to\n view the attacker-controlled content. Instead, an\n attacker would have to convince users to take action,\n typically by getting them to click a link in an email\n message or in an Instant Messenger message that takes\n users to the attacker's website, or by opening an\n attachment sent through email. In a file sharing attack\n scenario, an attacker could provide a specially crafted\n document file that is designed to exploit this\n vulnerability, and then convince a user to open the\n document file. The security update addresses the\n vulnerabilities by correcting how the Windows font\n library handles embedded fonts. (CVE-2017-8682)\n\n - An information disclosure vulnerability exists when\n Windows Uniscribe improperly discloses the contents of\n its memory. An attacker who successfully exploited the\n vulnerability could obtain information to further\n compromise the users system. There are multiple ways an\n attacker could exploit the vulnerability, such as by\n convincing a user to open a specially crafted document\n or by convincing a user to visit an untrusted webpage.\n The update addresses the vulnerability by correcting how\n Windows Uniscribe handles objects in memory.\n (CVE-2017-8695)\n\n - A remote code execution vulnerability exists due to the\n way Windows Uniscribe handles objects in memory. An\n attacker who successfully exploited this vulnerability\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n Users whose accounts are configured to have fewer user\n rights on the system could be less impacted than users\n who operate with administrative user rights. There are\n multiple ways an attacker could exploit this\n vulnerability: In a web-based attack scenario, an\n attacker could host a specially crafted website designed\n to exploit this vulnerability and then convince a user\n to view the website. An attacker would have no way to\n force users to view the attacker-controlled content.\n Instead, an attacker would have to convince users to\n take action, typically by getting them to click a link\n in an email or instant message that takes users to the\n attacker's website, or by opening an attachment sent\n through email. In a file-sharing attack scenario, an\n attacker could provide a specially crafted document file\n designed to exploit this vulnerability and then convince\n a user to open the document file.The security update\n addresses the vulnerability by correcting how Windows\n Uniscribe handles objects in memory. (CVE-2017-8696)\n\n - A remote code execution vulnerability exists in\n Microsoft Office software when the software fails to\n properly handle objects in memory. An attacker who\n successfully exploited the vulnerability could run\n arbitrary code in the context of the current user. If\n the current user is logged on with administrative user\n rights, an attacker could take control of the affected\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n Exploitation of the vulnerability requires that a user\n open a specially crafted file with an affected version\n of Microsoft Office software. In an email attack\n scenario, an attacker could exploit the vulnerability by\n sending the specially crafted file to the user and\n convincing the user to open the file. In a web-based\n attack scenario, an attacker could host a website (or\n leverage a compromised website that accepts or hosts\n user-provided content) that contains a specially crafted\n file designed to exploit the vulnerability. An attacker\n would have no way to force users to visit the website.\n Instead, an attacker would have to convince users to\n click a link, typically by way of an enticement in an\n email or instant message, and then convince them to open\n the specially crafted file. Note that the Preview Pane\n is not an attack vector for this vulnerability. The\n security update addresses the vulnerability by\n correcting how Office handles objects in memory.\n (CVE-2017-8742)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface (GDI)\n handles objects in memory, allowing an attacker to\n retrieve information from a targeted system. By itself,\n the information disclosure does not allow arbitrary code\n execution; however, it could allow arbitrary code to be\n run if the attacker uses it in combination with another\n vulnerability. To exploit this vulnerability, an\n attacker would have to log on to an affected system and\n run a specially crafted application. Note that where the\n severity is indicated as Critical in the Affected\n Products table, the Preview Pane is an attack vector for\n this vulnerability. The security update addresses the\n vulnerability by correcting how GDI handles memory\n addresses. (CVE-2017-8676)\");\n # https://support.microsoft.com/en-us/help/4011055/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d24309b\");\n # https://support.microsoft.com/en-us/help/3213649/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c95ea355\");\n # https://support.microsoft.com/en-us/help/4011038/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69c44d41\");\n # https://support.microsoft.com/en-us/help/3213626/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40a27f00\");\n # https://support.microsoft.com/en-us/help/3213646/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a714c54e\");\n # https://support.microsoft.com/en-us/help/3213641/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b84ca703\");\n # https://support.microsoft.com/en-us/help/3213642/descriptionofthesecurityupdateforpowerpoint2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?607de17a\");\n # https://support.microsoft.com/en-us/help/3213564/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f846aeb6\");\n # https://support.microsoft.com/en-us/help/3203474/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7601f27e\");\n # https://support.microsoft.com/en-us/help/3213638/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4928d07a\");\n # https://support.microsoft.com/en-us/help/4011103/descriptionofthesecurityupdateforoffice2013september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa6bb9d8\");\n # https://support.microsoft.com/en-us/help/4011126/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d1e5263\");\n # https://support.microsoft.com/en-us/help/4011063/descriptionofthesecurityupdatefor2007microsoftofficesuiteseptember12-2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b27cd572\");\n # https://support.microsoft.com/en-us/help/4011062/descriptionofthesecurityupdateforexcel2007september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7194ec3f\");\n # https://support.microsoft.com/en-us/help/3213551/descriptionofthesecurityupdateforoffice2016september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9ecdeba5\");\n # https://support.microsoft.com/en-us/help/3213631/descriptionofthesecurityupdateforoffice2010september12-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b2751aff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Microsoft Office Products.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:powerpoint\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:excel\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"microsoft_office_compatibility_pack_installed.nbin\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nglobal_var vuln;\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-09\";\nkbs = make_list(\n '3213641', # Office 2007 SP3\n '3213646', # Office 2007 SP3\n '3213649', # Office 2007 SP3\n '4011063', # Office 2007 SP3\n '3213626', # Office 2010 SP2\n '3213631', # Office 2010 SP2\n '3213638', # Office 2010 SP2\n '4011055', # Office 2010 SP2\n '3213564', # Office 2013 SP1\n '4011103', # Office 2013 SP1\n '3203474', # Office 2016\n '3213551', # Office 2016\n '4011038', # Office 2016\n '4011126' # Office 2016\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\", exit_code:1);\n\nvuln = FALSE;\nport = kb_smb_transport();\n\noffice_vers = hotfix_check_office_version();\n\n####################################################################\n# Office 2007 SP3 Checks\n####################################################################\nif (office_vers[\"12.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2007/SP\");\n if (!isnull(office_sp) && office_sp == 3)\n {\n prod = \"Microsoft Office 2007 SP3\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"12.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2006.1200.6776.5000\", min_version:\"2006.1200.0.0\", path:path, kb:\"3213646\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office12\"\n );\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"12.0.6776.5000\", path:path, kb:\"3213641\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"12.0.6777.5000\", path:path, kb:\"4011063\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"12.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.626.6002.24173\", path:path, kb:\"3213649\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2010 SP2 Checks\n####################################################################\nif (office_vers[\"14.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2010/SP\");\n if (!isnull(office_sp) && office_sp == 2)\n {\n prod = \"Microsoft Office 2010 SP2\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"14.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office14\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"14.0.7188.5002\", path:path, kb:\"4011055\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n if (hotfix_check_fversion(file:\"ogl.dll\", version:\"14.0.7188.5000\", path:path, kb:\"3213638\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2010.1400.7188.5000\", min_version:\"2010.1400.0.0\", path:path, kb:\"3213626\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"14.0\");\n if (hotfix_check_fversion(file:\"usp10.dll\", version:\"1.0626.7601.23883\", path:path, kb:\"3213631\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2013 SP1 Checks\n####################################################################\nif (office_vers[\"15.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2013/SP\");\n if (!isnull(office_sp) && office_sp == 1)\n {\n prod = \"Microsoft Office 2013 SP1\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"15.0\");\n\n path = hotfix_append_path(\n path : hotfix_get_officecommonfilesdir(officever:\"15.0\"),\n value : \"Microsoft Shared\\Office15\"\n );\n if (hotfix_check_fversion(file:\"mso.dll\", version:\"15.0.4963.1002\", path:path, kb:\"4011103\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n\n path = hotfix_append_path(\n path : common_path,\n value : \"\\Microsoft Shared\\TextConv\"\n );\n if (hotfix_check_fversion(file:\"Wpft632.cnv\", version:\"2012.1500.4963.1000\", min_version:\"2012.1500.0.0\", path:path, kb:\"3213564\", bulletin:bulletin, product:prod) == HCF_OLDER)\n vuln = TRUE;\n }\n}\n\n####################################################################\n# Office 2016 Checks\n####################################################################\nif (office_vers[\"16.0\"])\n{\n office_sp = get_kb_item(\"SMB/Office/2016/SP\");\n if (!isnull(office_sp) && office_sp == 0)\n {\n prod = \"Microsoft Office 2016\";\n common_path = hotfix_get_officecommonfilesdir(officever:\"16.0\");\n\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\Office16\"\n );\n kb = \"4011038\";\n file = \"mso99lwin32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"4011126\";\n file = \"mso30win32client.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1002\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n kb = \"3213551\";\n file = \"wpft632.cnv\";\n path = hotfix_append_path(\n path : common_path,\n value : \"Microsoft Shared\\TextConv\"\n );\n if (\n hotfix_check_fversion(file:file, version:\"2012.1600.4588.1000\", min_version:\"2012.1600.0.0\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.7726.1057\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8201.2193\", min_version:\"2012.1600.0.0\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8431.2079\", min_version:\"2012.1600.0.0\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"2012.1600.8326.2107\", min_version:\"2012.1600.0.0\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n\n path = hotfix_get_officeprogramfilesdir(officever:\"16.0\");\n kb = \"3203474\";\n file = \"igx.dll\";\n if (\n hotfix_check_fversion(file:file, version:\"16.0.4588.1000\", channel:\"MSI\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.7726.1057\", channel:\"Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8201.2193\", channel:\"Deferred\", channel_version:\"1705\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8431.2079\", channel:\"First Release for Deferred\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER ||\n hotfix_check_fversion(file:file, version:\"16.0.8326.2107\", channel:\"Current\", channel_product:\"Office\", path:path, kb:kb, bulletin:bulletin, product:prod) == HCF_OLDER\n )\n vuln = TRUE;\n }\n}\n\nif (vuln)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T16:05:58", "description": "### *Detect date*:\n09/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges.\n\n### *Affected products*:\nMicrosoft Office 2007 Service Pack 3 \nMicrosoft Office 2010 Service Pack 2 \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2013 Service Pack 1 \nMicrosoft Office 2016 \nMicrosoft Office 2016 for Mac \nMicrosoft Office Compatibility Pack Service Pack 3 \nMicrosoft Office Web Apps 2010 Service Pack 2 \nMicrosoft Office Web Apps 2013 Service Pack 1 \nMicrosoft Office Web Apps Server 2013 Service Pack 1 \nMicrosoft Office Word Viewer \nMicrosoft Office for Mac 2011 \nMicrosoft Excel 2007 Service Pack 3 \nMicrosoft Excel 2010 Service Pack 2 \nMicrosoft Excel 2013 RT Service Pack 1 \nMicrosoft Excel 2013 Service Pack 1 \nMicrosoft Excel 2016 \nMicrosoft Excel 2016 for Mac \nMicrosoft Excel Viewer 2007 Service Pack 3 \nMicrosoft Excel Web App 2013 Service Pack 1 \nMicrosoft Excel for Mac 2011 \nMicrosoft Live Meeting 2007 Add-in \nMicrosoft Live Meeting 2007 Console \nMicrosoft Lync 2010 \nMicrosoft Lync 2010 Attendee \nMicrosoft Lync 2013 Service Pack 1 \nMicrosoft Lync Basic 2013 Service Pack 1 \nMicrosoft Outlook 2007 Service Pack 3 \nMicrosoft Outlook 2010 Service Pack 2 \nMicrosoft Outlook 2013 \nMicrosoft Outlook 2013 RT Service Pack 1 \nMicrosoft Outlook 2016 \nMicrosoft PowerPoint 2007 Service Pack 3 \nMicrosoft PowerPoint 2010 Service Pack 2 \nMicrosoft PowerPoint 2013 RT Service Pack 1 \nMicrosoft PowerPoint 2013 Service Pack 1 \nMicrosoft PowerPoint 2016 \nMicrosoft PowerPoint Viewer 2007 \nMicrosoft Publisher 2007 Service Pack 3 \nMicrosoft Publisher 2010 Service Pack 2 \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft SharePoint Server 2013 Service Pack 1 \nOffice Online Server \nSkype for Business 2016 \nSkype for Business 2016 Basic\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[ADV170015](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170015>) \n[CVE-2017-8567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567>) \n[CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>) \n[CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>) \n[CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>) \n[CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>) \n[CVE-2017-8744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744>) \n[CVE-2017-8745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745>) \n[CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>) \n[CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>) \n[CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) \n[CVE-2017-8629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629>) \n[CVE-2017-8725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725>) \n[CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>) \n[CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>) \n[CVE-2017-8676](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676>) \n[CVE-2017-8682](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682>) \n[CVE-2017-8695](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695>) \n[CVE-2017-8696](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696>) \n[CVE-2017-8745](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745>) \n[CVE-2017-8744](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744>) \n[CVE-2017-8743](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743>) \n[CVE-2017-8742](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742>) \n[CVE-2017-8725](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725>) \n[CVE-2017-8632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632>) \n[CVE-2017-8631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631>) \n[CVE-2017-8630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630>) \n[CVE-2017-8629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629>) \n[CVE-2017-8567](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office Live Meeting 2007](<https://threats.kaspersky.com/en/product/Microsoft-Office-Live-Meeting-2007/>)\n\n### *CVE-IDS*:\n[CVE-2017-8676](<https://vulners.com/cve/CVE-2017-8676>)2.1Warning \n[CVE-2017-8682](<https://vulners.com/cve/CVE-2017-8682>)9.3Critical \n[CVE-2017-8695](<https://vulners.com/cve/CVE-2017-8695>)2.6Warning \n[CVE-2017-8696](<https://vulners.com/cve/CVE-2017-8696>)7.6Critical \n[CVE-2017-8745](<https://vulners.com/cve/CVE-2017-8745>)3.5Warning \n[CVE-2017-8744](<https://vulners.com/cve/CVE-2017-8744>)9.3Critical \n[CVE-2017-8743](<https://vulners.com/cve/CVE-2017-8743>)9.3Critical \n[CVE-2017-8742](<https://vulners.com/cve/CVE-2017-8742>)9.3Critical \n[CVE-2017-8725](<https://vulners.com/cve/CVE-2017-8725>)9.3Critical \n[CVE-2017-8632](<https://vulners.com/cve/CVE-2017-8632>)9.3Critical \n[CVE-2017-8631](<https://vulners.com/cve/CVE-2017-8631>)9.3Critical \n[CVE-2017-8630](<https://vulners.com/cve/CVE-2017-8630>)9.3Critical \n[CVE-2017-8629](<https://vulners.com/cve/CVE-2017-8629>)3.5Warning \n[CVE-2017-8567](<https://vulners.com/cve/CVE-2017-8567>)9.3Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3213649](<http://support.microsoft.com/kb/3213649>) \n[3213644](<http://support.microsoft.com/kb/3213644>) \n[3213646](<http://support.microsoft.com/kb/3213646>) \n[3213641](<http://support.microsoft.com/kb/3213641>) \n[3213642](<http://support.microsoft.com/kb/3213642>) \n[3213560](<http://support.microsoft.com/kb/3213560>) \n[4025867](<http://support.microsoft.com/kb/4025867>) \n[3213562](<http://support.microsoft.com/kb/3213562>) \n[3213564](<http://support.microsoft.com/kb/3213564>) \n[3191831](<http://support.microsoft.com/kb/3191831>) \n[4011117](<http://support.microsoft.com/kb/4011117>) \n[3128030](<http://support.microsoft.com/kb/3128030>) \n[4025868](<http://support.microsoft.com/kb/4025868>) \n[3213631](<http://support.microsoft.com/kb/3213631>) \n[4025865](<http://support.microsoft.com/kb/4025865>) \n[4025866](<http://support.microsoft.com/kb/4025866>) \n[4011113](<http://support.microsoft.com/kb/4011113>) \n[3213638](<http://support.microsoft.com/kb/3213638>) \n[4011069](<http://support.microsoft.com/kb/4011069>) \n[3141537](<http://support.microsoft.com/kb/3141537>) \n[4011041](<http://support.microsoft.com/kb/4011041>) \n[4011040](<http://support.microsoft.com/kb/4011040>) \n[4011065](<http://support.microsoft.com/kb/4011065>) \n[4011064](<http://support.microsoft.com/kb/4011064>) \n[4011089](<http://support.microsoft.com/kb/4011089>) \n[4011062](<http://support.microsoft.com/kb/4011062>) \n[4011061](<http://support.microsoft.com/kb/4011061>) \n[4011134](<http://support.microsoft.com/kb/4011134>) \n[3213658](<http://support.microsoft.com/kb/3213658>) \n[3213626](<http://support.microsoft.com/kb/3213626>) \n[3203474](<http://support.microsoft.com/kb/3203474>) \n[3213551](<http://support.microsoft.com/kb/3213551>) \n[3212225](<http://support.microsoft.com/kb/3212225>) \n[4011056](<http://support.microsoft.com/kb/4011056>) \n[4011055](<http://support.microsoft.com/kb/4011055>) \n[4011050](<http://support.microsoft.com/kb/4011050>) \n[4011038](<http://support.microsoft.com/kb/4011038>) \n[4011063](<http://support.microsoft.com/kb/4011063>) \n[4011107](<http://support.microsoft.com/kb/4011107>) \n[3128027](<http://support.microsoft.com/kb/3128027>) \n[4025869](<http://support.microsoft.com/kb/4025869>) \n[4011090](<http://support.microsoft.com/kb/4011090>) \n[4011091](<http://support.microsoft.com/kb/4011091>) \n[3114428](<http://support.microsoft.com/kb/3114428>) \n[4011103](<http://support.microsoft.com/kb/4011103>) \n[4011126](<http://support.microsoft.com/kb/4011126>) \n[4011127](<http://support.microsoft.com/kb/4011127>) \n[3213632](<http://support.microsoft.com/kb/3213632>) \n[4011108](<http://support.microsoft.com/kb/4011108>) \n[4011125](<http://support.microsoft.com/kb/4011125>) \n[4011110](<http://support.microsoft.com/kb/4011110>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-09-12T00:00:00", "type": "kaspersky", "title": "KLA11100 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8567", "CVE-2017-8629", "CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8676", "CVE-2017-8682", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8725", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8744", "CVE-2017-8745"], "modified": "2020-06-18T00:00:00", "id": "KLA11100", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11100/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2017-09-20T10:59:03", "description": "Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 81 new vulnerabilities with 27 of them rated critical, 52 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Hyper-V, Internet Explorer, Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.<br /><br />Note that the Bluetooth vulnerabilities known as \"BlueBorne\" that affected Windows have been patched in this latest release. For more information, please refer to CVE-2017-8628.<br /><br /><a name='more'></a><h2 id=\"h.wjrt5zh1f6pu\">Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated \"critical\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8747\">CVE-2017-8747</a> - Internet Explorer Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8749\">CVE-2017-8749</a> - Internet Explorer Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8750\">CVE-2017-8750</a> - Microsoft Browser Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8731\">CVE-2017-8731</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8734\">CVE-2017-8734</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8751\">CVE-2017-8751</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8755\">CVE-2017-8755</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8756\">CVE-2017-8756</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11766\">CVE-2017-11766</a> - Microsoft Edge Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757\">CVE-2017-8757</a> - Microsoft Edge Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696\">CVE-2017-8696</a> - Microsoft Graphics Component Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8728\">CVE-2017-8728</a> - Microsoft PDF Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8737\">CVE-2017-8737</a> - Microsoft PDF Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0161\">CVE-2017-0161</a> - NetBIOS Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8649\">CVE-2017-8649</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660\">CVE-2017-8660</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8729\">CVE-2017-8729</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8738\">CVE-2017-8738</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8740\">CVE-2017-8740</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741\">CVE-2017-8741</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8748\">CVE-2017-8748</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8752\">CVE-2017-8752</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8753\">CVE-2017-8753</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764\">CVE-2017-11764</a> - Scripting Engine Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8682\">CVE-2017-8682</a> - Win32k Graphics Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686\">CVE-2017-8686</a> - Windows DHCP Server Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676\">CVE-2017-8676</a> - Windows GDI+ Information Disclosure Vulnerability</li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.b21z3uko0dvb\">CVE-2017-8747, CVE-2017-8749 - Internet Explorer Memory Corruption Vulnerability</h3><br />Two vulnerabilities have been identified in Internet Explorer that could result in remote code execution in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory when attempting to render a webpage. Both vulnerabilities could be exploited if, for example, a user visits a specially crafted webpage that exploits one of these flaws.<br /><br /><h3 id=\"h.stimxk5dlt9s\">CVE-2017-8750 - Microsoft Browser Memory Corruption Vulnerability</h3><br />A vulnerability have been identified in Edge and Internet Explorer that could result in remote code execution in the context of the current user. This vulnerability manifests due to improper handling of objects in memory when attempting to render a webpage. This vulnerability could be exploited if, for example, a user visits a specially crafted webpage that exploits this flaw.<br /><br /><h3 id=\"h.noriw5kti6\">Multiple CVEs - Microsoft Edge Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in Microsoft Edge that could allow an attacker to execute arbitrary code on an affected host. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. Users who visit a specially crafted web page under the control of the attacker could be exploited.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8731</li><li>CVE-2017-8734</li><li>CVE-2017-8751</li><li>CVE-2017-8755</li><li>CVE-2017-8756</li><li>CVE-2017-11766</li></ul><h3 id=\"h.1v376u5n6xmf\">CVE-2017-8757 - Microsoft Edge Remote Code Execution Vulnerability</h3><br />A vulnerability have been identified in Edge that could result in remote code execution in the context of the current user. This vulnerability manifests due to improper handling of objects in memory when attempting to render a webpage. This vulnerability could be exploited if, for example, a user visits a specially crafted webpage that exploits this flaw. Alternatively, an attacker could embed an ActiveX control marked \"safe for initialization\" within a Microsoft Office document that \"hosts the browser rendering engine\" and socially engineer the user to open the malicious document.<br /><br /><h3 id=\"h.ur4dd8a6i1eq\">CVE-2017-8696 - Microsoft Graphics Component Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in Windows Uniscribe that could allow an attacker to remotely execute arbitrary code on an affected host. This vulnerability manifests due to improper handling of objects in memory. Exploitation of this vulnerability could be achieved if a user navigates to a malicious web page or opens a malicious file designed to exploit this vulnerability. Successful exploitation would result in arbitrary code execution in the context of the current user.<br /><br /><h3 id=\"h.9ttwbr9e0ewj\">CVE-2017-8728, CVE-2017-8737 - Microsoft PDF Remote Code Execution Vulnerability</h3><br />Two vulnerabilities in the Microsoft Windows PDF library have been identified that could allow an attacker to execute arbitrary code on a targeted host. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities would result in arbitrary code execution in the context of the current user. Users who open a specially crafted PDF file or who visit a web page containing a specially crafted PDF could exploit these vulnerabilities.<br /><br /><h3 id=\"h.crqjkzdd0al6\">CVE-2017-0161 - NetBIOS Remote Code Execution Vulnerability</h3><br />A vulnerability in NetBT Session Services has been identified that could allow an attacker to execute arbitrary code on the targeted host remotely. This vulnerability manifests as a race condition \"when NetBT fails to maintain certain sequencing requirements.\" An attacker who sends specially crafted NetBT Session Service packets to the targeted system could exploit this vulnerability and achieve remote code execution.<br /><br /><h3 id=\"h.d8c9mlg86eww\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the Microsoft Browser JavaScript engine that could allow remote code execution to occur in the context of the current user. These vulnerabilities manifest due to improper handling of objects in memory, resulting in memory corruption. Exploitation of these vulnerabilities is achievable if a user visits a specially crafted web page that contains JavaScript designed to exploit one or more of these vulnerabilities. <br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8649</li><li>CVE-2017-8660</li><li>CVE-2017-8729</li><li>CVE-2017-8738</li><li>CVE-2017-8740</li><li>CVE-2017-8741</li><li>CVE-2017-8748</li><li>CVE-2017-8752</li><li>CVE-2017-8753</li><li>CVE-2017-11764</li></ul><h3 id=\"h.cya79aegordp\">CVE-2017-8682 - Win32k Graphics Remote Code Execution Vulnerability</h3><br />A vulnerability in the Windows font library has been identified that could allow an attacker to execute arbitrary code on an affected host. This vulnerability manifests due to improper handling of embedded fonts. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the current user. For this vulnerability to be exploited, a user would need to either navigate to a specially crafted website or open a specially crafted document that is designed to exploit this flaw.<br /><br /><h3 id=\"h.z0mubxvpwva7\">CVE-2017-8686 - Windows DHCP Server Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Windows Server DHCP service where remote code execution could be achieved if exploited. This vulnerability manifests as a result of the service incorrectly handling DHCP packets. Successful exploitation could allow an attacker to remotely execute code on an affected host or create a denial of service condition. For this vulnerability to be exploited, an attacker would need to send a specially crafted packet to the DHCP server that is set to failover mode. If the server is not set to failover mode, the attack will not succeed.<br /><br /><h3 id=\"h.og6ixgv9kv1f\">CVE-2017-8676 - Windows GDI+ Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability have been identified in the Windows Graphics Device Interface+ (GDI+) that could allow an attacker to obtain potentially sensitive information about the affected host. This vulnerability manifests due to the Windows GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h2 id=\"h.kw73svtlwob2\">Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated \"important\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759\">CVE-2017-8759</a> - .NET Framework Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-9417\">CVE-2017-9417</a> - Broadcom BCM43xx Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8746\">CVE-2017-8746</a> - Device Guard Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695\">CVE-2017-8695</a> - Graphics Component Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8704\">CVE-2017-8704</a> - Hyper-V Denial of Service Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706\">CVE-2017-8706</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8707\">CVE-2017-8707</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8711\">CVE-2017-8711</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8712\">CVE-2017-8712</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8713\">CVE-2017-8713</a> - Hyper-V Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8733\">CVE-2017-8733</a> - Internet Explorer Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628\">CVE-2017-8628</a> - Microsoft Bluetooth Driver Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8736\">CVE-2017-8736</a> - Microsoft Browser Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597\">CVE-2017-8597</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8643\">CVE-2017-8643</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648\">CVE-2017-8648</a> - Microsoft Edge Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8754\">CVE-2017-8754</a> - Microsoft Edge Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724\">CVE-2017-8724</a> - Microsoft Edge Spoofing Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758\">CVE-2017-8758</a> - Microsoft Exchange Cross-Site Scripting Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761\">CVE-2017-11761</a> - Microsoft Exchange Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630\">CVE-2017-8630</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8631\">CVE-2017-8631</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632\">CVE-2017-8632</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8744\">CVE-2017-8744</a> - Microsoft Office Memory Corruption Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8725\">CVE-2017-8725</a> - Microsoft Office Publisher Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8567\">CVE-2017-8567</a> - Microsoft Office Remote Code Execution</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745\">CVE-2017-8745</a> - Microsoft SharePoint Cross Site Scripting Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8629\">CVE-2017-8629</a> - Microsoft SharePoint XSS Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8742\">CVE-2017-8742</a> - PowerPoint Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8743\">CVE-2017-8743</a> - PowerPoint Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8714\">CVE-2017-8714</a> - Remote Desktop Virtual Host Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8739\">CVE-2017-8739</a> - Scripting Engine Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8692\">CVE-2017-8692</a> - Uniscribe Remote Code Execution Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8675\">CVE-2017-8675</a> - Win32k Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720\">CVE-2017-8720</a> - Win32k Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683\">CVE-2017-8683</a> - Win32k Graphics Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8677\">CVE-2017-8677</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678\">CVE-2017-8678</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8680\">CVE-2017-8680</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8681\">CVE-2017-8681</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687\">CVE-2017-8687</a> - Win32k Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702\">CVE-2017-8702</a> - Windows Elevation of Privilege Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8684\">CVE-2017-8684</a> - Windows GDI+ Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8685\">CVE-2017-8685</a> - Windows GDI+ Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8688\">CVE-2017-8688</a> - Windows GDI+ Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710\">CVE-2017-8710</a> - Windows Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8679\">CVE-2017-8679</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8708\">CVE-2017-8708</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709\">CVE-2017-8709</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8719\">CVE-2017-8719</a> - Windows Kernel Information Disclosure Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8716\">CVE-2017-8716</a> - Windows Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8699\">CVE-2017-8699</a> - Windows Shell Remote Code Execution Vulnerability</li></ul><br /><br />The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.yx03slsn57ac\">CVE-2017-8759 - .NET Framework Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Microsoft .NET Framework that could allow an attacker to execute arbitrary code on an affected device. This vulnerability manifests due to improperly handling untrusted input. Successful exploitation could result in an attacker being able to execute arbitrary code in the context of the current user. A user who opens a malicious document or application could be exploited and compromised via this vulnerability. <br /><br /><h3 id=\"h.uzavzney52sl\">CVE-2017-9417 - Broadcom BCM43xx Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the Broadcom chipsets used in HoloLens that could allow an attacker to execute arbitrary code on an affected device. This vulnerability manifests due to improper handling of Wi-fi packets. Successful exploitation of this vulnerability could result in an attacker being able to take full control of the device with administrator privileges.<br /><br /><h3 id=\"h.q0sownl8t7qr\">CVE-2017-8746 - Device Guard Security Feature Bypass Vulnerability</h3><br />A vulnerability had been identified in Device Guard that could allow an attacker bypass a security control and inject malicious code into a Windows Powershell session. This vulnerability manifests as a flaw in how the Device Guard Code Integrity policy is implemented. An attacker who has access to a local machine could inject malicious into a script that is trusted by the Code Integrity policy. As a result, the injected code could run with the same trust level as the script, bypassing the Code Integrity policy control. <br /><br /><h3 id=\"h.ll3quw96ab85\">CVE-2017-8695 - Graphics Component Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in Windows Uniscribe that could allow an attacker to obtain important system information. This information could then be used to further compromise a user's system via another vulnerability. Exploitation of this vulnerability could be achieved if a user opens a specially crafted document or visited a malicious web page that is designed to exploit this vulnerability.<br /><br /><h3 id=\"h.2bzhnugg695o\">CVE-2017-8704 - Hyper-V Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified in Microsoft Hyper-V that could cause the host machine to crash. This vulnerability manifests due to the host server improperly validating input from a privileged user within a guest operating system. An attacker who has privileged access in a guest operating system on the affected host could execute a specially crafted application could trigger this vulnerability. <br /><br /><h3 id=\"h.r4ggol7u66a4\">Multiple CVEs - Hyper-V Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in Windows Hyper-V that could allow an attacker to access sensitive information on the Hyper-V host operating system. These vulnerabilities manifest due to Hyper-V improperly validating input from an authenticated user inside a guest operating system. An attacker who has access to a guest VM and executes a specially crafted application within the guest VM could exploit this vulnerability and obtain information on the Hyper-V host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8706</li><li>CVE-2017-8707</li><li>CVE-2017-8711</li><li>CVE-2017-8712</li><li>CVE-2017-8713</li></ul><h3 id=\"h.go05wxr3gp4u\">CVE-2017-8733 - Internet Explorer Spoofing Vulnerability</h3><br />A spoofing vulnerability in Internet Explorer has been identified that could allow an attacker to trick the user into believing they were visiting a legitimate web site. This vulnerability manifests due to Internet Explorer incorrectly handling specific HTML content. A user who navigates to a specially crafted web page under the control of the attacker could be exploited. As a result, this malicious website could then be used to serve spoofed content to the user or to serve as part of a exploit chain designed to compromise the affected host.<br /><br /><h3 id=\"h.34qo8abuqnpm\">CVE-2017-8628 - Microsoft Bluetooth Driver Spoofing Vulnerability</h3><br />A spoofing vulnerability has been identified in Microsoft's implementation of the Bluetooth stack and has been disclosed as part of \"BlueBorne\" series of vulnerabilities. This vulnerability could allow an attacker to perform a man-in-the-middle attack and force a user's device to \"unknowingly route traffic through the attacker's computer.\" For this exploit to be possible, an attacker would need to be within physical proximity to the targeted device and the targeted device would need to have Bluetooth enabled. Note that if both of these conditions are satisfied, an attacker could \"initiate a Bluetooth connection to the target computer without the user's knowledge.\"<br /><br /><h3 id=\"h.ln4j5mfzpuxf\">CVE-2017-8736 - Microsoft Browser Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Edge and Internet Explorer has been identified that could allow an attacker to obtain information regarding the user's current session. This vulnerability manifests due to the browser improperly verifying parent domains in certain functionality. An attacker who socially engineers a user to visiting a specially crafted web page could exploit this flaw and obtain information that is specific to the parent domain. <br /><br /><h3 id=\"h.oviarhz23nwn\">CVE-2017-8597, CVE-2017-8648 - \ufeffMicrosoft Edge Information Disclosure Vulnerability</h3><br />Multiple vulnerabilities in Microsoft Edge have been identified that could allow an attacker to discover sensitive information regarding the targeted system. These vulnerabilities manifest due to improper handling of objects in memory. Successful exploitation of these vulnerabilities could given an attacker the necessary information to further exploit additional vulnerabilities on the system.<br /><br /><h3 id=\"h.191qetibk7vs\">CVE-2017-8643 - \ufeffMicrosoft Edge Information Disclosure Vulnerability</h3><br />An vulnerability in Microsoft Edge has been identified that could permit the disclosure of potentially sensitive information. This vulnerability manifests due to Microsoft Edge improperly handling clipboard events. Exploitation of this vulnerability is achievable if an attacker socially engineers a user to open a specially crafted web page that exploits this flaw. As long has this web page remains open, an attacker would be able to able to gain knowledge of clipboard activities.<br /><br /><h3 id=\"h.pwpku8fvq7t4\">CVE-2017-8754 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could allow an attacker to bypass the Content Security Policy (CSP) feature. This vulnerability manifests due to improperly validating certain specially crafted documents. Successful exploitation could allow an attacker to redirect users to a malicious web page. Users who visit a specially crafted web page under the control of the attacker could be exploited. Alternatively, users who visit a compromised web page or who get served a malicious advertisement an attacker has injected into an advertising network could be exploited.<br /><br /><h3 id=\"h.bogzmmli42pp\">CVE-2017-8724 - Microsoft Edge Spoofing Vulnerability</h3><br />A vulnerability in Edge has been identified that could allow an attacker to spoof content on a targeted host. This vulnerability manifests due to improper parsing of HTTP content. Successful exploitation of this vulnerability would result in the user being redirected to a web site of the attacker's choosing. This web site could then spoof content or serve as part of an exploit chain whereby the user could be exploited via another vulnerability. Scenarios where a user could be attacked include email or instant message vectors where the user clicks on a malicious link, or the user navigates to a specially crafted web page under the control of the attacker.<br /><br /><h3 id=\"h.g6dm6snlerd4\">CVE-2017-8758 - Microsoft Exchange Cross-Site Scripting Vulnerability</h3><br />A cross-site scripting vulnerability in Microsoft Exchange has been identified that could allow an attacker to perform a content/script injection attack. This vulnerability manifests due to Exchange failing to properly handle web requests. An attacker who sends an intended victim a specially crafted email containing a malicious link could exploit this vulnerability and potentially trick the user into disclosing sensitive information.<br /><br /><h3 id=\"h.pg5opjwskjeq\">CVE-2017-11761 - Microsoft Exchange Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Exchange has been identified that could allow an attacker to obtain information regarding the affected server's local network. This vulnerability manifests as an information disclosure flaw due to improper input sanitization. An attacker who includes specially crafted tags in a Calendar-related message and sends this to an affected Exchange server could exploit this flaw and enumerate internal hosts assigned an RFC 1918 IP address. This information could then be used as part of a larger attack.<br /><br /><h3 id=\"h.viucs2kai67d\">Multiple CVEs - Microsoft Office Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified affecting Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. These vulnerabilities manifest due to Office improperly handling objects in memory. A users who opens a maliciously crafted Office document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. <br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8630</li><li>CVE-2017-8631</li><li>CVE-2017-8632</li><li>CVE-2017-8744</li></ul><h3 id=\"h.nuqj6pjdzqbu\">CVE-2017-8725 - Microsoft Office Publisher Remote Code Execution</h3><br />A vulnerability has been identified affecting Microsoft Office Publisher that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Publisher improperly handling objects in memory. A users who opens a maliciously crafted Publisher document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Publisher document. <br /><br /><h3 id=\"h.esin5ce3nqec\">CVE-2017-8567 - Microsoft Office Remote Code Execution</h3><br />A vulnerability has been identified affecting Microsoft Office that could allow an attacker to execute arbitrary code on an affected system. This vulnerability manifests due to Office improperly handling objects in memory. A user who opens a maliciously crafted document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Office document. Note that Preview Pane is not an attack vector for this vulnerability.<br /><br /><h3 id=\"h.ospgiqaad31r\">CVE-2017-8745, CVE-2017-8629 - Microsoft SharePoint XSS Vulnerability</h3><br />Two vulnerabilities in Microsoft Sharepoint have been identified that could could allow an attacker to execute a cross-site scripting (XSS) attack. These vulnerabilities manifest due to Sharepoint Server improperly sanitizing specific web requests from a user. Successful exploitation of these flaws could allow an attacker to execute script in the context of the current user, read content that the attacker would not have permission to otherwise view, or execute actions on behalf of the affected user.<br /><br /><h3 id=\"h.635w9ipli4p\">CVE-2017-8742, CVE-2017-8743 - PowerPoint Remote Code Execution Vulnerability</h3><br />Two vulnerabilities have been identified affecting Microsoft Office Powerpoint that could allow an attacker to execute arbitrary code on an affected system. These vulnerabilities manifest due to Powerpoint improperly handling objects in memory. A user who opens a maliciously crafted Powerpoint document could be exploited, resulting in arbitrary code execution of the attacker's choice in the context of the current user. Scenarios where this could occur include email-based attacks, where the attacker sends the victim a message with a malicious attachment, or web-based attacks where the user downloads and opens a malicious Powerpoint document. <br /><br /><h3 id=\"h.o485gj9i5m2w\">CVE-2017-8714 - Remote Desktop Virtual Host Remote Code Execution Vulnerability</h3><br />A vulnerability has been identified in the VM Host Agent Service of Remote Desktop Virtual Host that could allow an attacker to execute arbitrary code on an affected host. This vulnerability manifests due to improperly validating input from an authenticated user within a guest operating system. Exploitation of this flaw is achievable if an attacker issues a \"specially crafted certificate\" within a guest operating system, causing the \"VM host agent service on the host operating system to execute arbitrary code.\" Microsoft notes that the Remote Desktop Virtual Host role is not enabled by default.<br /><br /><h3 id=\"h.ky3d7sjix04t\">CVE-2017-8739 - Scripting Engine Information Disclosure Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could disclose sensitive information to an attacker. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining information that could then be used to further exploit the system. Users who visit a specially crafted web page under the control of the attacker could be exploited.<br /><br /><h3 id=\"h.z9wdxzsfio38\">CVE-2017-8692 - Uniscribe Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in Windows Uniscribe that could allow an attacker to execute code in the context of the current user. This vulnerability manifests due to Uniscribe improperly handling objects in memory. Exploitation of this vulnerability could be achieved if a user navigates to a malicious web page or opens a malicious file designed to exploit this vulnerability. <br /><br /><h3 id=\"h.t7doth5n2cw\">CVE-2017-8593 - Win32k Elevation of Privilege Vulnerability</h3><br />A vulnerability in Windows Kernel Mode Drivers has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability could result in an attacker being able to execute arbitrary code in kernel mode. An attacker who executes a specially crafted executable could exploit this vulnerability and as a result, gain full control of the affected system.<br /><br /><h3 id=\"h.ta4wavxlagpn\">CVE-2017-8720 - Win32k Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Win32k component in Windows has been identified that could allow a privilege escalation attack to occur. This vulnerability manifests due to improper handling of objects in memory. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system. Users who run a specially crafted executable that exploits this vulnerability could leverage this vulnerability to perform actions as an administrator on the affected system.<br /><br /><h3 id=\"h.kkm2sbbbbjiq\">CVE-2017-8683 - Win32k Graphics Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows Graphics Component that could allow an attacker to gain information about the host. This vulnerability manifests due to the Graphics Component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h3 id=\"h.fi4oouptx2sl\">CVE-2017-8678 - Win32k Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information about the host. This vulnerability manifests due to the kernel improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br /><h3 id=\"h.jmbol5pwp86e\">Multiple CVEs - Win32k Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows Graphics Device Interface+ (GDI+) component that could allow an attacker to gain information about the host. This vulnerability manifests due to the GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8677</li><li>CVE-2017-8680</li><li>CVE-2017-8681</li></ul><h3 id=\"h.ck0pehdfhuu3\">CVE-2017-8687 - Win32k Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information which could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This vulnerability manifests due to the kernel improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and obtain the \"memory address of a kernel object,\" allowing an attacker to leverage the information to further compromise the host.<br /><br /><h3 id=\"h.4erxlgg1wp8\">CVE-2017-8702 - Windows Elevation of Privilege Vulnerability</h3><br />A vulnerability in the Windows Error Reporting (WER) has been identified that could allow a privilege escalation attack to occur. Successful exploitation of this vulnerability would result in an attacker obtaining administrator privileges on the targeted system.<br /><br /><h3 id=\"h.8xq934iw79wv\">Multiple CVEs - Windows GDI+ Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows Graphics Device Interface+ (GDI+) that could allow an attacker to obtain potentially sensitive information about the affected host. These vulnerabilities manifest due to the Windows GDI+ component improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit this vulnerability and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8684</li><li>CVE-2017-8685</li><li>CVE-2017-8688</li></ul><h3 id=\"h.j57wphkiyqt8\">CVE-2017-8710 - Windows Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability in the Windows System Information Console has been identified that could allow an attacker to read arbitrary files on an affected system. This vulnerability manifests due to improper parsing of XML input which contains a reference to an external entity. An attacker who creates specially crafted file containing XML content and either opens the file or socially engineers an user to open the file on an affected system could exploit this vulnerability. <br /><br /><h3 id=\"h.7b1xywt7n53p\">Multiple CVEs - Windows Kernel Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified in the Windows kernel that could allow an attacker gain information about the host. These vulnerabilities manifest due to the kernel improperly handling objects in memory. An attacker who runs a specially crafted executable could exploit these vulnerabilities and leverage the information to further compromise the host.<br /><br />The following is a list of CVEs that reflect these vulnerabilities:<br /><ul><li>CVE-2017-8679</li><li>CVE-2017-8709</li><li>CVE-2017-8719</li></ul><h3 id=\"h.cbhbkylvrzxe\">CVE-2017-8708 - Windows Kernel Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified in the Windows kernel that could allow an attacker to gain information which could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. This vulnerability manifests due to the kernel failing to properly initialize a memory address. An attacker who runs a specially crafted executable could exploit this vulnerability and obtain the \"base address of the kernel driver from a compromised process,\" allowing an attacker to leverage the information to further compromise the host.<br /><br /><h3 id=\"h.xp1vybmtwc6q\">CVE-2017-8716 - Windows Security Feature Bypass Vulnerability</h3><br />A vulnerability has been identified in Windows Control Flow Guard that could allow an attacker bypass its intended function. This vulnerability manifests due to the Control Flow Guard mishandling objects in memory. An attacker who runs a specially crafted executable on an affected host could exploit this vulnerability.<br /><br /><h3 id=\"h.5dcwsx39r8a8\">CVE-2017-8699 - Windows Shell Remote Code Execution Vulnerability</h3><br />An arbitrary code execution vulnerability has been identified in the Windows Shell that could allow an attacker to execute code in the context of the current user. This vulnerability manifests as a result of Window Shell improperly validating file copy destinations. An attacker who opens a specially crafted file could exploit this vulnerability. Scenarios where end-user could be compromised include email-based attacks, where an attacker send the victim a malicious attachment that the user opens, or a web-based attack where the user downloads and opens a malicious file.<br /><br /><h2 id=\"h.b311wwj7cqyf\">Vulnerabilities Rated Moderate</h2><br />The following vulnerabilities are rated \"moderate\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8723\">CVE-2017-8723</a> - Microsoft Edge Security Feature Bypass Vulnerability</li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8735\">CVE-2017-8735</a> - Internet Explorer Memory Corruption Vulnerability</li></ul>The following briefly describes these vulnerabilities.<br /><br /><h3 id=\"h.6ja1j3o46v6h\">CVE-2017-8723 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A vulnerability in Microsoft Edge has been identified that could allow an attacker to bypass the Content Security Policy (CSP) feature. This vulnerability manifests due to improperly validating certain specially crafted documents. Successful exploitation could allow an attacker to redirect users to a malicious web page. Users who visit a specially crafted web page under the control of the attacker could be exploited. Alternatively, users who visit a compromised web page or who get served a malicious advertisement an attacker has injected into an advertising network could be exploited.<br /><br /><h3 id=\"h.iughuzwb6gbk\">CVE-2017-8735 - Microsoft Edge Spoofing Vulnerability</h3><br />A vulnerability in Edge has been identified that could allow an attacker to spoof content on a targeted host. This vulnerability manifests due to improper parsing of HTTP content. Successful exploitation of this vulnerability would result in the user being redirected to a web site of the attacker's choosing. This web site could then spoof content or serve as part of an exploit chain whereby the user could be exploited via another vulnerability. Scenarios where a user could be attacked include email or instant message vectors where the user clicks on a malicious link, or if the user navigates to a specially crafted web page under the control of the attacker.<br /><br /><h2 id=\"h.oka11wrn5dcu\">Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following rules to address these vulnerabilities. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on <a href=\"https://snort.org/products\">Snort.org</a>.<br /><br /><b>Snort Rules:</b><br /><ul><li>42285-42286</li><li>42311-42312</li><li>42749-42750</li><li>44331-44336</li><li>44338-44343</li><li>44349-44350</li><li>44353-44357</li></ul><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=Gck7dmdECXk:Kp7QhKuWcqI:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/Gck7dmdECXk\" height=\"1\" width=\"1\" alt=\"\"/>", "cvss3": {}, "published": "2017-09-12T15:41:00", "title": "Microsoft Patch Tuesday - September 2017", "type": "talosblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0161", "CVE-2017-11761", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-8567", "CVE-2017-8593", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8629", "CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8725", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8744", "CVE-2017-8745", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8758", "CVE-2017-8759", "CVE-2017-9417"], "modified": "2017-09-12T22:44:10", "id": "TALOSBLOG:36D857BF71D07CAE276BCB26AC34D574", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Gck7dmdECXk/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-09-25T14:43:29", "description": "![](http://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nIn last week\u2019s [blog](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-4-2017/>), I mentioned the Apache Struts vulnerability, which is still making headlines as estimates show that as many as 65 percent of Fortune 500 companies use it in some form. In addition, Equifax claims [it has played a role](<https://www.equifaxsecurity2017.com/2017/09/13/progress-update-consumers-4/>) in their breach affecting more than 143 million Americans.\n\nOn July 11, 2017, Digital Vaccine\u00ae (DV) filter 29068 (HTTP: Apache Struts 2 Struts 1 Plugin Remote Code Execution Vulnerability) was shipped to customers using TippingPoint solutions to address a vulnerability in Struts. Once the TippingPoint DVLabs team discovered the exploit code for CVE-2017-12611, it was tested and the team found that DV filter 29068 effectively covered this vulnerability while it was still a 0-day for nearly two months! Looking at data from a small percentage of customers using TippingPoint solutions, the DVLabs team has seen significant activity from filter 29068, including a mixture of both scanning/fingerprinting attempts of the vulnerability, as well as actual exploit attempts. Since this DV filter was available since July, customers have been able to use it as a virtual patch to protect their networks while they work out their process to patch the Apache vulnerability and make other system and policy adjustments.\n\nFor more information on the Apache Struts vulnerability and Trend Micro coverage, please reference the following blogs:\n\n| \n\n * [CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution](<http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/>)\n * [New Apache Struts Vulnerability Could Be Worse than POODLE](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/new-apache-struts-vulnerability-could-be-worse-than-poodle>) \n---|--- \n| \n \n**TippingPoint\u00ae Threat Management Center (TMC) and ThreatLinQ Planned System Outage Notification**\n\nEffective Sunday, September 24, 2017, Trend Micro is introducing an enhanced License Manager feature to allow for easier management of licenses for the TippingPoint Threat Protection System (TPS) family of products. In order to deploy the new feature, both the Threat Management Center (TMC) and ThreatLinQ Web sites will be intermittently unavailable during the following dates and times:\n\n**From** | **Time** | **To** | **Time** \n---|---|---|--- \nFriday, September 22, 2017 | 7:00 PM (CDT) | Sunday, September 24, 2017 | 8:00 PM (CDT) \nSaturday, September 23, 2017 | 12:00 AM (UTC) | Monday, September 25, 2017 | 1:00 AM (UTC) \n \n \n\nDuring the upgrade window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW), Threat Protection System (TPS) and ArcSight Enterprise Security Manager (ESM) connectivity to the TMC will be intermittently unavailable. This will prevent Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring until the upgrade is completed. Customers with any questions or concerns can contact the TippingPoint Technical Assistance Center (TAC).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before September 12, 2017. Microsoft released a whopping 81 security patches for September covering Windows, Internet Explorer (IE), Edge, Exchange, .NET Framework, Office, and Hyper-V. 26 of the patches are listed as Critical, 53 are rated Important, and two are Moderate in severity. 10 of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [September 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-0161 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8567 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8597 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8628 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8629 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8630 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8631 | 29599 | \nCVE-2017-8632 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8643 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8648 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8649 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8660 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8675 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8676 | *28226 | \nCVE-2017-8677 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8678 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8679 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8680 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8681 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8682 | 29569 | \nCVE-2017-8683 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8684 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8685 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8686 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8687 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8688 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8692 | *28737 | \nCVE-2017-8695 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8696 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8699 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8702 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8704 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8706 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8707 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8708 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8709 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8710 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8711 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8712 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8713 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8714 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8716 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8719 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8720 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8723 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8724 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8725 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8728 | 29574 | \nCVE-2017-8729 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8731 | 29577 | \nCVE-2017-8733 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8734 | 29579 | \nCVE-2017-8735 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8736 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8737 | *28736 | \nCVE-2017-8738 | *28981 | \nCVE-2017-8739 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8740 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8742 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8743 | *29153 | \nCVE-2017-8744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8747 | 29581 | \nCVE-2017-8748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8749 | 29575 | \nCVE-2017-8750 | 29576 | \nCVE-2017-8751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8753 | 29573 | \nCVE-2017-8754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8755 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8756 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8757 | 29578 | \nCVE-2017-8758 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-8759 | 29600 | \nCVE-2017-9417 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11761 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Mobile Pwn2Own 2017 Returns to Tokyo!**\n\nThe Zero Day Initiative is pleased to announce the sixth annual Mobile Pwn2Own\u2122 competition will return at this year\u2019s [PacSec](<https://pacsec.jp/>) conference in Tokyo on November 1-2, 2017. The tradition of crowning a Master of Pwn will also return as some of the world\u2019s top security researchers demonstrate attacks on the most popular mobile devices. More than $500,000 USD will be available in the prize pool, with add-on bonuses for exploits that meet a higher bar of difficulty. For details on targets and challenges as well as the complete set of rules, click [here](<https://www.zerodayinitiative.com/blog/2017/8/24/mobile-pwn2own-2017-returns-to-tokyo>).\n\n**Zero-Day Filters**\n\nThere are 18 new zero-day filters covering seven vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (1)_**\n\n| \n\n * 29584: ZDI-CAN-5034: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)**_ _** \n---|--- \n| \n \n**_Delta (1)_**\n\n| \n\n * 29557: HTTP: Delta Industrial Automation WPLSoft File Parser Usage (ZDI-17-698) \n---|--- \n| \n \n**_Eaton (1)_**\n\n| \n\n * 29558: HTTP: Eaton ELCSoft Buffer Overflow Vulnerability (ZDI-17-519) \n---|--- \n| \n \n**_Foxit (12)_**\n\n| \n\n * 29544: ZDI-CAN-5016: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29545: ZDI-CAN-5017: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29546: ZDI-CAN-5018: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29552: ZDI-CAN-5019: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29553: ZDI-CAN-5020,5027,5029: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29555: ZDI-CAN-5021: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29556: ZDI-CAN-5022: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29559: ZDI-CAN-5023: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29563: ZDI-CAN-5024: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29564: ZDI-CAN-5025: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29565: ZDI-CAN-5026: Zero Day Initiative Vulnerability (Foxit Reader)\n * 29566: ZDI-CAN-5028: Zero Day Initiative Vulnerability (Foxit Reader) \n---|--- \n| \n \n**_Mitsubishi Electric (1)_**\n\n| \n\n * 29448: HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Buffer Overflow Vulnerability (ZDI-17-508) \n---|--- \n| \n \n**_Schneider Electric (1)_**\n\n| \n\n * 29550: HTTP: Schneider Electric U.motion Builder SOAP Request SQL Command Execution (ZDI-17-387) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 29452: HTTP: Trend Micro Control Manager cgiShowClientAdm Authentication Request (ZDI-17-244) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-4-2017/>).", "cvss3": {}, "published": "2017-09-15T14:59:53", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of September 11, 2017", "type": "trendmicroblog", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-0161", "CVE-2017-11761", "CVE-2017-11764", "CVE-2017-11766", "CVE-2017-12611", "CVE-2017-5638", "CVE-2017-8567", "CVE-2017-8597", "CVE-2017-8628", "CVE-2017-8629", "CVE-2017-8630", "CVE-2017-8631", "CVE-2017-8632", "CVE-2017-8643", "CVE-2017-8648", "CVE-2017-8649", "CVE-2017-8660", "CVE-2017-8675", "CVE-2017-8676", "CVE-2017-8677", "CVE-2017-8678", "CVE-2017-8679", "CVE-2017-8680", "CVE-2017-8681", "CVE-2017-8682", "CVE-2017-8683", "CVE-2017-8684", "CVE-2017-8685", "CVE-2017-8686", "CVE-2017-8687", "CVE-2017-8688", "CVE-2017-8692", "CVE-2017-8695", "CVE-2017-8696", "CVE-2017-8699", "CVE-2017-8702", "CVE-2017-8704", "CVE-2017-8706", "CVE-2017-8707", "CVE-2017-8708", "CVE-2017-8709", "CVE-2017-8710", "CVE-2017-8711", "CVE-2017-8712", "CVE-2017-8713", "CVE-2017-8714", "CVE-2017-8716", "CVE-2017-8719", "CVE-2017-8720", "CVE-2017-8723", "CVE-2017-8724", "CVE-2017-8725", "CVE-2017-8728", "CVE-2017-8729", "CVE-2017-8731", "CVE-2017-8733", "CVE-2017-8734", "CVE-2017-8735", "CVE-2017-8736", "CVE-2017-8737", "CVE-2017-8738", "CVE-2017-8739", "CVE-2017-8740", "CVE-2017-8741", "CVE-2017-8742", "CVE-2017-8743", "CVE-2017-8744", "CVE-2017-8745", "CVE-2017-8746", "CVE-2017-8747", "CVE-2017-8748", "CVE-2017-8749", "CVE-2017-8750", "CVE-2017-8751", "CVE-2017-8752", "CVE-2017-8753", "CVE-2017-8754", "CVE-2017-8755", "CVE-2017-8756", "CVE-2017-8757", "CVE-2017-8758", "CVE-2017-8759", "CVE-2017-9417"], "modified": "2017-09-15T14:59:53", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-september-11-2017/", "id": "TRENDMICROBLOG:5232F354244FCA9F40053F10BE385E28", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}