13538 matches found
Microsoft Windows DirectShow Information Disclosure (MS17-021: CVE-2017-0042)
An information disclosure vulnerability exists in Windows DirectShow. The vulnerability is due to the way Windows DirectShow handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0030)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3002)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0130)
A type confusion vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file...
Microsoft IIS Server XSS Elevation of Privilege (MS17-016: CVE-2017-0055)
A cross-site scripting vulnerability exists in Microsoft IIS, due to improper input validation. A remote attacker can exploit this issue by enticing an affected user to open a specially crafted web page. Successful exploitation could allow an attacker to spoof content, disclose information, or ta...
Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3003)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Memory Corruption (APSB17-07: CVE-2017-2999)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3001)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Flash Player Stack Buffer Overflow (APSB17-07: CVE-2017-2997)
A Stack buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Adobe Flash Player Memory Corruption (APSB17-07: CVE-2017-2998)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)
A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0141)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a heap overflow when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0087)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0032)
An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. Successful exploitation of this issue can lead to arbitrary memory write...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0052)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0082)
Multiple elevation of privilege vulnerabilities have been reported in Microsoft Windows. The vulnerability is due to the way Windows kernel-mode driver handles objects in memory. A remote attacker can exploit this vulnerability to execute arbitrary code...
Microsoft Windows Kernel Elevation of Privilege (MS17-017: CVE-2017-0050)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows kernel API enforces permissions. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0140)
Security feature bypass exists in Microsoft Edge. The vulnerability is due to a breach in the way Microsoft Edge implements SOP Same Origin Policy for HTML elements present in other browser windows. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously craft...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)
A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...
Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0035)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js file. Successful exploitation could caus...
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0024)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker could exploit this vulnerability by running a specially crafted application...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0094)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0145)
A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...
Microsoft Edge Spoofing (MS17-007: CVE-2017-0069)
A spoofing vulnerability exists in Microsoft Edge. The vulnerability is due to improper parsing of HTTP content. A remote attacker could trick a user by redirecting them to a specially crafted website which could spoof content or be used as a pivot to chain an attack with other vulnerabilities in...
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0081)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0088)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0047)
Elevation of privilege vulnerabilities exists in Windows Graphics Device Interface. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0031)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0089)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Office Information Disclosure (MS17-014: CVE-2017-0027)
An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Device Guard Security Feature Bypass (MS17-012: CVE-2017-0007)
A security feature bypass vulnerability has been reported in Microsoft Windows Device Guard. The vulnerability is due to the way Device Guard improperly validates certain elements of a signed PowerShell script. A remote attacker could exploit this vulnerability by enticing a target user to open a...
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0080)
An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated privileges...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0015)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
Microsoft Browser Information Disclosure (MS17-007: CVE-2017-0065)
An information disclosure vulnerability exists in Microsoft Edge. This vulnerability is due to a design weakness in the affected software. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0019)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0010)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an out of bounds read when using the JavaScript "use asm" directive. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...
Microsoft Edge Information Disclosure (MS17-007: CVE-2017-0017)
An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...
Microsoft Browser Memory Corruption (MS17-006: CVE-2017-0009)
A Use-After-Free vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user ...
Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0018)
An elevation of Privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Internet Explorer Information Disclosure (MS17-006: CVE-2017-0008)
An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0040)
An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause...
Microsoft Windows SMB Information Disclosure (MS17-010: CVE-2017-0147)
An information disclosure vulnerability exists in the SMBv1 component of Microsoft Windows SMB server. The vulnerability is due to improper handling of SMBv1 requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMBv1 messages to a target server...
Microsoft Browser Spoofing (MS17-006: CVE-2017-0033)
A website spoofing vulnerability exists in Microsoft Internet Explorer and Edge. This vulnerability is due to improper access restrictions in the ms-appx-web protocol when accessing the Blocksite.htm resource. A remote, unauthenticated attacker could exploit this vulnerability by redirecting the...
Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0056)
A use after free vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k to load a custom font from an arbitrary file on disk. Successful exploitation could allow an attacker to run arbitrary code with elevated privileges...
Microsoft Edge Information Disclosure (MS17-007: CVE-2017-0011)
An information disclosure vulnerability has been reported in Microsoft Edge. The vulnerability is due to the way that Microsoft Edge improperly handles the referrer policy. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...
Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0067)
A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...
Microsoft Windows COM Elevation of Privilege (MS17-012: CVE-2017-0100)
An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows COM session moniker enforces RunAs permissions when registering DCOM objects. A remote attacker can exploit this vulnerability to execute arbitrary code...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Microsoft Windows DLL Loading Remote Code Execution (MS17-012: CVE-2017-0039)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading certain libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...