Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•12 views

Microsoft Windows DirectShow Information Disclosure (MS17-021: CVE-2017-0042)

An information disclosure vulnerability exists in Windows DirectShow. The vulnerability is due to the way Windows DirectShow handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

2.6CVSS4.5AI score0.29524EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•16 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0030)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.25985EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3002)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS3.7AI score0.05099EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0130)

A type confusion vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file...

7.6CVSS7.2AI score0.23267EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•24 views

Microsoft IIS Server XSS Elevation of Privilege (MS17-016: CVE-2017-0055)

A cross-site scripting vulnerability exists in Microsoft IIS, due to improper input validation. A remote attacker can exploit this issue by enticing an affected user to open a specially crafted web page. Successful exploitation could allow an attacker to spoof content, disclose information, or ta...

4.3CVSS5.8AI score0.16369EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3003)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS3.7AI score0.05254EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-07: CVE-2017-2999)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04101EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3001)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS3.3AI score0.05099EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Adobe Flash Player Stack Buffer Overflow (APSB17-07: CVE-2017-2997)

A Stack buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS5.7AI score0.07404EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB17-07: CVE-2017-2998)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04066EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•13 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0146)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.89862EPSS
Exploits27
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•11 views

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0141)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a heap overflow when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8.1AI score0.4817EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•15 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0087)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS4.2AI score0.42546EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•7 views

Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0032)

An integer overflow vulnerability exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. Successful exploitation of this issue can lead to arbitrary memory write...

7.6CVSS7.4AI score0.1523EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•2 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0052)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.16607EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•4 views

Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0082)

Multiple elevation of privilege vulnerabilities have been reported in Microsoft Windows. The vulnerability is due to the way Windows kernel-mode driver handles objects in memory. A remote attacker can exploit this vulnerability to execute arbitrary code...

7.2CVSS8.3AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•8 views

Microsoft Windows Kernel Elevation of Privilege (MS17-017: CVE-2017-0050)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows kernel API enforces permissions. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

7.2CVSS7.2AI score0.01468EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0140)

Security feature bypass exists in Microsoft Edge. The vulnerability is due to a breach in the way Microsoft Edge implements SOP Same Origin Policy for HTML elements present in other browser windows. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously craft...

4CVSS4.9AI score0.28545EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•22 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.9923EPSS
Exploits55
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•3 views

Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0035)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted js file. Successful exploitation could caus...

7.6CVSS7.9AI score0.1523EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•13 views

Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0024)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker could exploit this vulnerability by running a specially crafted application...

7.2CVSS7.3AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0094)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.2AI score0.31672EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0145)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.8985EPSS
Exploits18
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Edge Spoofing (MS17-007: CVE-2017-0069)

A spoofing vulnerability exists in Microsoft Edge. The vulnerability is due to improper parsing of HTTP content. A remote attacker could trick a user by redirecting them to a specially crafted website which could spoof content or be used as a pivot to chain an attack with other vulnerabilities in...

4.3CVSS5.5AI score0.08577EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0081)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS7.3AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0088)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.41872EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0047)

Elevation of privilege vulnerabilities exists in Windows Graphics Device Interface. The vulnerability is due to the way Windows Graphics Device Interface handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

7.2CVSS4.9AI score0.01858EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•8 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0031)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.26316EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•8 views

Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0089)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file...

9.3CVSS8.5AI score0.57338EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•13 views

Microsoft Office Information Disclosure (MS17-014: CVE-2017-0027)

An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly discloses the contents of its memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

2.6CVSS4.7AI score0.22552EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Device Guard Security Feature Bypass (MS17-012: CVE-2017-0007)

A security feature bypass vulnerability has been reported in Microsoft Windows Device Guard. The vulnerability is due to the way Device Guard improperly validates certain elements of a signed PowerShell script. A remote attacker could exploit this vulnerability by enticing a target user to open a...

2.1CVSS3.9AI score0.11264EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•7 views

Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0080)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated privileges...

7.2CVSS7.6AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0015)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.5AI score0.26374EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Browser Information Disclosure (MS17-007: CVE-2017-0065)

An information disclosure vulnerability exists in Microsoft Edge. This vulnerability is due to a design weakness in the affected software. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...

4.3CVSS4.9AI score0.27406EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•17 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0019)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.16607EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0010)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an out of bounds read when using the JavaScript "use asm" directive. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8AI score0.27051EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Edge Information Disclosure (MS17-007: CVE-2017-0017)

An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

4.3CVSS5AI score0.41952EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•12 views

Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)

An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...

7.2CVSS7.4AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Browser Memory Corruption (MS17-006: CVE-2017-0009)

A Use-After-Free vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user ...

4.3CVSS1.7AI score0.3962EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0018)

An elevation of Privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS3.7AI score0.13076EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•8 views

Microsoft Internet Explorer Information Disclosure (MS17-006: CVE-2017-0008)

An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

4.3CVSS2AI score0.36998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•8 views

Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0040)

An out-of-bounds-read vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause...

7.6CVSS7.7AI score0.13463EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•19 views

Microsoft Windows SMB Information Disclosure (MS17-010: CVE-2017-0147)

An information disclosure vulnerability exists in the SMBv1 component of Microsoft Windows SMB server. The vulnerability is due to improper handling of SMBv1 requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted SMBv1 messages to a target server...

4.3CVSS6AI score0.99693EPSS
Exploits22
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Browser Spoofing (MS17-006: CVE-2017-0033)

A website spoofing vulnerability exists in Microsoft Internet Explorer and Edge. This vulnerability is due to improper access restrictions in the ms-appx-web protocol when accessing the Blocksite.htm resource. A remote, unauthenticated attacker could exploit this vulnerability by redirecting the...

4.3CVSS5.8AI score0.08093EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•6 views

Microsoft Windows Win32k Elevation of Privilege (MS17-018: CVE-2017-0056)

A use after free vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k to load a custom font from an arbitrary file on disk. Successful exploitation could allow an attacker to run arbitrary code with elevated privileges...

7.2CVSS7.8AI score0.0139EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•9 views

Microsoft Edge Information Disclosure (MS17-007: CVE-2017-0011)

An information disclosure vulnerability has been reported in Microsoft Edge. The vulnerability is due to the way that Microsoft Edge improperly handles the referrer policy. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of...

4.3CVSS4.7AI score0.4236EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Edge Scripting Engine Memory Corruption (MS17-007: CVE-2017-0067)

A Memory Corruption Vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted file...

7.6CVSS7.2AI score0.1523EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows COM Elevation of Privilege (MS17-012: CVE-2017-0100)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows COM session moniker enforces RunAs permissions when registering DCOM objects. A remote attacker can exploit this vulnerability to execute arbitrary code...

4.4CVSS4.9AI score0.04957EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.16607EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•10 views

Microsoft Windows DLL Loading Remote Code Execution (MS17-012: CVE-2017-0039)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading certain libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

9.3CVSS4.6AI score0.37493EPSS
Exploits0
Total number of security vulnerabilities13538