6867 matches found
Microsoft Windows CVE-2017-0039 DLL Loading Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microso...
Microsoft Office CVE-2017-0027 Information Disclosure Vulnerability
Description Microsoft Office is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Excel 2007 SP3 Microsoft Excel 2010 Service Pack 2 32-bit editions Microsoft Excel 20...
Microsoft Internet Explorer CVE-2017-0149 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-i...
Microsoft Windows Hyper-V CVE-2017-0098 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
Microsoft Internet Explorer and Edge CVE-2017-0009 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, and 11 are vulnerable. Technologies Affected Microsoft Edge...
Microsoft Windows SMB Server CVE-2017-0147 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Windows CVE-2017-0101 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-0080 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Lync for Mac CVE-2017-0129 SSL Certificate Validation Security Bypass Vulnerability
Description Microsoft Lync for Mac is prone to a security-bypass vulnerability that affects the IP-HTTPS server component. Successful exploits may allow attackers to perform man-in-the-middle attacks or impersonate trusted clients, which will aid in further attacks. Technologies Affected Microsof...
Microsoft Office CVE-2017-0029 Denial of Service Vulnerability
Description Microsoft Office is prone to a remote denial of service vulnerability. Attackers can exploit this issue to cause the affected application to stop responding, denying service to legitimate users. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Offic...
Microsoft Windows Graphics Component CVE-2017-0014 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or webpage. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed explo...
Microsoft Internet Explorer and Edge CVE-2017-0033 Spoofing Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Windows HelpPane CVE-2017-0100 Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of another user's session. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 160...
Microsoft Windows Hyper-V CVE-2017-0074 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
Microsoft Windows Uniscribe CVE-2017-0126 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Windows Uniscribe CVE-2017-0084 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or webpage. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed explo...
Microsoft Edge CVE-2017-0011 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...
Microsoft Windows Hyper-V CVE-2017-0109 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Window...
Microsoft Internet Explorer CVE-2017-0008 Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, and 11 are vulnerable. Technologies Affected Microsoft Internet Explorer ...
Microsoft Windows Uniscribe CVE-2017-0128 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Office CVE-2017-0053 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows CVE-2017-0057 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to potentially sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Uniscribe CVE-2017-0121 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Edge CVE-2017-0068 Information Disclosure Vulnerability
Description Microsoft Edge is prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks...
Microsoft Internet Explorer CVE-2017-0049 Scripting Engine Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 11 is vulnerable. Technologies Affected Microsoft Internet Explorer 11...
Microsoft Office CVE-2017-0020 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Microsoft Windows Uniscribe CVE-2017-0120 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-bas...
Microsoft Office CVE-2017-0031 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Symantec Web Gateway Management Console XSS
SUMMARY Symantec has released updates to address cross-site scripting (XSS) issues in Symantec Web Gateway (SWG) Management Console releases prior to 5.2.7. AFFECTED PRODUCTS Symantec Web Gateway (SWG) --- CVE | Affected Versions | Remediation CVE-2016-9096 | Prior to 5.2.7 | Upgrade to 5.2.7 ISSUES...
Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection
SUMMARY Symantec has released updates to address security issues reported in both Symantec Endpoint Protection 12.1 and Symantec Endpoint Protection 14.0 Windows clients. AFFECTED PRODUCTS Symantec Endpoint Protection (SEP) --- CVE | Affected Versions | Remediation CVE-2016-9093 CVE-2016-9094 | Pri...
SA144 : OpenSSH Vulnerabilities January 2017
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also exploit these vulnerabilities to obtain...
Microsoft Internet Explorer and Edge CVE-2017-0037 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 10 and 11 ar...
Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
Description Apache Tomcat is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions. The following versions are affected: Apache Tomcat 8.0.0 through 8.0.19 Apache Tomcat 7.0.0...
Adobe Flash Player APSB17-04 Multiple Heap Buffer Overflow Vulnerabilities
Description Adobe Flash Player is prone to multiple heap-based buffer overflow vulnerabilities because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit these issues to execute arbitrary code in the context of the...
Adobe Flash Player APSB17-04 Multiple Use After Free Remote Code Execution Vulnerabilities
Description Adobe Flash Player is prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions...
Adobe Flash Player CVE-2017-2995 Type Confusion Remote Code Execution Vulnerability
Description Adobe Flash Player is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected...
Adobe Flash Player APSB17-04 Multiple Unspecified Memory Corruption Vulnerabilities
Description Adobe Flash Player is prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...
Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
Description Apache Groovy is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Apache Groovy 2.4.4...
SA139 : November 2016 NTP Security Vulnerabilities
SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the target's system time, prevent the target from synchronizing its time, cause denial of service through...
Microsoft Windows LSASS CVE-2017-0004 Denial of Service Vulnerability
Description Microsoft Windows LSASS is prone to a denial-of-service vulnerability. Successful exploitation of the issue will cause a denial of service on the target system's LSASS service, resulting in an automatic reboot of the system. Technologies Affected Microsoft Windows 7 for 32-bit Systems...
Microsoft Edge CVE-2017-0002 Remote Privilege Escalation Vulnerability
Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary, unless external parties require service. Filter...
Microsoft Identity Model Extensions Token Signing Verification Privilege Escalation Vulnerability
Description Microsoft Identity Model Extensions is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.2 Microsoft...
Microsoft Office CVE-2017-0003 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
SUMMARY Symantec Network Protection products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived encrypted connection...
SA137 : NSS Vulnerabilities
SUMMARY Blue Coat products using affected versions of NSS are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain private Diffie-Hellman (DH) keys, cause denial of service through application crashes, or possibly execute arbitrary code. AFFECTED...
SA136 : OpenSSH Vulnerabilities
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...
Microsoft Windows Graphics Component CVE-2016-7272 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10...
Microsoft Windows Kernel CVE-2016-7258 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...