{"symantec": [{"lastseen": "2018-03-12T16:12:12", "description": "### Description\n\nMicrosoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft ChakraCore \n * Microsoft Edge \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2017-12-12T00:00:00", "type": "symantec", "title": "Microsoft Edge Scripting Engine CVE-2017-11918 Remote Memory Corruption Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-11918"], "modified": "2017-12-12T00:00:00", "id": "SMNTC-102089", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102089", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mscve": [{"lastseen": "2022-10-26T18:28:15", "description": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n\nIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\n\nThe security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.\n", "edition": 1, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T08:00:00", "type": "mscve", "title": "Scripting Engine Memory Corruption Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11918"], "modified": "2017-12-12T08:00:00", "id": "MS:CVE-2017-11918", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11918", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2018-01-10T08:22:00", "description": "", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "packetstorm", "title": "Microsoft Edge Chakra JIT Escape Analysis Bug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2017-11918"], "modified": "2018-01-10T00:00:00", "id": "PACKETSTORM:145787", "href": "https://packetstormsecurity.com/files/145787/Microsoft-Edge-Chakra-JIT-Escape-Analysis-Bug.html", "sourceData": "`Microsoft Edge: Chakra: JIT: Escape analysis bug \n \nCVE-2017-11918 \n \n \nEscape analysis: <a href=\"https://en.wikipedia.org/wiki/Escape_analysis\" title=\"\" class=\"\" rel=\"nofollow\">https://en.wikipedia.org/wiki/Escape_analysis</a> \n \nChakra fails to detect if \"tmp\" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values. \n \nPoC: \nfunction opt() { \nlet tmp = []; \ntmp[0] = tmp; \nreturn tmp[0]; \n} \n \nfunction main() { \nfor (let i = 0; i < 0x1000; i++) { \nopt(); \n} \n \nprint(opt()); // deref uninitialized stack pointers! \n} \n \nmain(); \n \n \n \nThis bug is subject to a 90 day disclosure deadline. After 90 days elapse \nor a patch has been made broadly available, the bug report will become \nvisible to the public. \n \n \n \n \nFound by: lokihardt \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/145787/GS20180110005019.txt", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-01-11T14:41:31", "description": "The remote Windows host is missing security update 4053581.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11910, CVE-2017-11918)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053581: Windows 10 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11910", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053581.NASL", "href": "https://www.tenable.com/plugins/nessus/105182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105182);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11910\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102082,\n 102086,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053581\");\n script_xref(name:\"MSFT\", value:\"MS17-4053581\");\n\n script_name(english:\"KB4053581: Windows 10 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053581.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11910, CVE-2017-11918)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053581/windows-10-update-kb4053581\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfb1aa54\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053581.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053581');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053581])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:42:04", "description": "The remote Windows host is missing security update 4053580.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053580: Windows 10 Version 1703 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053580.NASL", "href": "https://www.tenable.com/plugins/nessus/105181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105181);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053580\");\n script_xref(name:\"MSFT\", value:\"MS17-4053580\");\n\n script_name(english:\"KB4053580: Windows 10 Version 1703 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053580.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11909,\n CVE-2017-11910, CVE-2017-11911, CVE-2017-11914,\n CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053580/windows-10-update-kb4053580\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7a4dd124\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053580.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053580');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"15063\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053580])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:43:00", "description": "The remote Windows host is missing security update 4053578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053578: Windows 10 Version 1511 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053578.NASL", "href": "https://www.tenable.com/plugins/nessus/105179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105179);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053578\");\n script_xref(name:\"MSFT\", value:\"MS17-4053578\");\n\n script_name(english:\"KB4053578: Windows 10 Version 1511 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053578.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11909,\n CVE-2017-11910, CVE-2017-11911, CVE-2017-11914,\n CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053578/windows-10-update-kb4053578\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00abfab6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053578.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053578');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10586\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053578])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:55", "description": "The remote Windows host is missing security update 4053579.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4053579.NASL", "href": "https://www.tenable.com/plugins/nessus/105180", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105180);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4053579\");\n script_xref(name:\"MSFT\", value:\"MS17-4053579\");\n\n script_name(english:\"KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4053579.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11909,\n CVE-2017-11910, CVE-2017-11911, CVE-2017-11914,\n CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4053579/windows-10-update-kb4053579\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6fee547\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4053579.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4053579');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4053579])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:56", "description": "The remote Windows host is missing security update 4054517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11889, CVE-2017-11893, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non- malicious, Device Guard could then allow a malicious file to execute. In an attack scenario, an attacker could make an untrusted file appear to be a trusted file. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2017-11886, CVE-2017-11890, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912, CVE-2017-11930)\n\n - An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "nessus", "title": "KB4054517: Windows 10 Version 1709 and Windows Server Version 1709 December 2017 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930"], "modified": "2020-08-18T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:microsoft:edge"], "id": "SMB_NT_MS17_DEC_4054517.NASL", "href": "https://www.tenable.com/plugins/nessus/105183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105183);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/18\");\n\n script_cve_id(\n \"CVE-2017-11885\",\n \"CVE-2017-11886\",\n \"CVE-2017-11887\",\n \"CVE-2017-11888\",\n \"CVE-2017-11889\",\n \"CVE-2017-11890\",\n \"CVE-2017-11893\",\n \"CVE-2017-11894\",\n \"CVE-2017-11895\",\n \"CVE-2017-11899\",\n \"CVE-2017-11901\",\n \"CVE-2017-11903\",\n \"CVE-2017-11905\",\n \"CVE-2017-11906\",\n \"CVE-2017-11907\",\n \"CVE-2017-11908\",\n \"CVE-2017-11909\",\n \"CVE-2017-11910\",\n \"CVE-2017-11911\",\n \"CVE-2017-11912\",\n \"CVE-2017-11913\",\n \"CVE-2017-11914\",\n \"CVE-2017-11918\",\n \"CVE-2017-11919\",\n \"CVE-2017-11927\",\n \"CVE-2017-11930\"\n );\n script_bugtraq_id(\n 102045,\n 102046,\n 102047,\n 102050,\n 102052,\n 102053,\n 102054,\n 102055,\n 102058,\n 102062,\n 102063,\n 102065,\n 102077,\n 102078,\n 102080,\n 102081,\n 102082,\n 102085,\n 102086,\n 102087,\n 102088,\n 102089,\n 102091,\n 102092,\n 102093,\n 102095\n );\n script_xref(name:\"MSKB\", value:\"4054517\");\n script_xref(name:\"MSFT\", value:\"MS17-4054517\");\n\n script_name(english:\"KB4054517: Windows 10 Version 1709 and Windows Server Version 1709 December 2017 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4054517.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in the way\n that the scripting engine handles objects in memory in\n Microsoft Edge. The vulnerability could corrupt memory\n in such a way that an attacker could execute arbitrary\n code in the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11889,\n CVE-2017-11893, CVE-2017-11905, CVE-2017-11908,\n CVE-2017-11909, CVE-2017-11910, CVE-2017-11911,\n CVE-2017-11914, CVE-2017-11918)\n\n - A security feature bypass exists when Device Guard\n incorrectly validates an untrusted file. An attacker who\n successfully exploited this vulnerability could make an\n unsigned file appear to be signed. Because Device Guard\n relies on the signature to determine the file is non-\n malicious, Device Guard could then allow a malicious\n file to execute. In an attack scenario, an attacker\n could make an untrusted file appear to be a trusted\n file. The update addresses the vulnerability by\n correcting how Device Guard handles untrusted files.\n (CVE-2017-11899)\n\n - An information disclosure vulnerability exists when the\n scripting engine does not properly handle objects in\n memory in Microsoft browsers. An attacker who\n successfully exploited the vulnerability could obtain\n information to further compromise the users system.\n (CVE-2017-11919)\n\n - A remote code execution vulnerability exists when\n Microsoft Edge improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that enables an attacker to execute arbitrary code in\n the context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11888)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2017-11886,\n CVE-2017-11890, CVE-2017-11901, CVE-2017-11903,\n CVE-2017-11907, CVE-2017-11913)\n\n - A remote code execution vulnerability exists in RPC if\n the server has Routing and Remote Access enabled. An\n attacker who successfully exploited this vulnerability\n could execute code on the target system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2017-11885)\n\n - A remote code execution vulnerability exists in the way\n the scripting engine handles objects in memory in\n Microsoft browsers. The vulnerability could corrupt\n memory in such a way that an attacker could execute\n arbitrary code in the context of the current user. An\n attacker who successfully exploited the vulnerability\n could gain the same user rights as the current user.\n (CVE-2017-11894, CVE-2017-11895, CVE-2017-11912,\n CVE-2017-11930)\n\n - An information disclosure vulnerability exists when\n Internet Explorer improperly handles objects in memory.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2017-11887, CVE-2017-11906)\n\n - An information disclosure vulnerability exists when the\n Windows its:// protocol handler unnecessarily sends\n traffic to a remote site in order to determine the zone\n of a provided URL. This could potentially result in the\n disclosure of sensitive information to a malicious site.\n (CVE-2017-11927)\");\n # https://support.microsoft.com/en-us/help/4054517/windows-10-update-kb4054517\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3a819f12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply security update KB4054517.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-11885\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-12\";\nkbs = make_list('4054517');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"12_2017\",\n bulletin:bulletin,\n rollup_kb_list:[4054517])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:35:33", "description": "This host is missing a critical security\n update according to Microsoft KB4053581", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053581)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812334", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053581)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812334\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11910\", \"CVE-2017-11912\",\n \"CVE-2017-11886\", \"CVE-2017-11887\", \"CVE-2017-11888\", \"CVE-2017-11889\",\n \"CVE-2017-11890\", \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\",\n \"CVE-2017-11901\", \"CVE-2017-11903\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\", \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102045, 102086, 102092, 102062, 102063, 102065, 102080,\n 102082, 102053, 102054, 102077, 102046, 102047, 102078, 102091,\n 102089, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 10:08:48 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053581)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053581\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for x64-based Systems\n\n - Microsoft Windows 10 for 32-bit Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053581\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10240.0\", test_version2:\"11.0.10240.17708\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10240.0 - 11.0.10240.17708\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "description": "This host is missing a critical security\n update according to Microsoft KB4053580", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053580)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812333", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053580)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812333\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\", \"CVE-2017-11911\",\n \"CVE-2017-11912\", \"CVE-2017-11885\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102045, 102085, 102086, 102087, 102092, 102055, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 09:15:18 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053580)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053580\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1703 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053580\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.15063.0\", test_version2:\"11.0.15063.785\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.15063.0 - 11.0.15063.785\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-08T13:55:30", "description": "This host is missing a critical security\n update according to Microsoft KB4053579", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053579)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310812332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812332", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053579)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812332\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102045, 102085, 102086, 102087, 102092, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095,\n 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 09:08:24 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053579)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053579\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows Server 2016\n\n - Microsoft Windows 10 Version 1607 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053579\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2016:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.14393.0\", test_version2:\"11.0.14393.1943\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.14393.0 - 11.0.14393.1943\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:33", "description": "This host is missing a critical security\n update according to Microsoft KB4053578", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4053578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812331", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4053578)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812331\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11885\", \"CVE-2017-11907\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11886\", \"CVE-2017-11887\",\n \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\", \"CVE-2017-11893\",\n \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\", \"CVE-2017-11901\",\n \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\", \"CVE-2017-11913\",\n \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\", \"CVE-2017-11927\",\n \"CVE-2017-11930\");\n script_bugtraq_id(102055, 102045, 102085, 102086, 102087, 102092, 102062, 102063,\n 102065, 102080, 102082, 102081, 102053, 102054, 102077, 102046,\n 102047, 102050, 102078, 102091, 102088, 102089, 102093, 102095,\n 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 08:56:15 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4053578)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4053578\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1511 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4053578\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.10586.0\", test_version2:\"11.0.10586.1294\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.10586.0 - 11.0.10586.1294\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-06-08T23:35:34", "description": "This host is missing a critical security\n update according to Microsoft KB4054517", "cvss3": {}, "published": "2017-12-13T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4054517)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11912", "CVE-2017-11930", "CVE-2017-11893", "CVE-2017-11888", "CVE-2017-11903", "CVE-2017-11919", "CVE-2017-11913", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11885", "CVE-2017-11887", "CVE-2017-11895", "CVE-2017-11908", "CVE-2017-11905", "CVE-2017-11918", "CVE-2017-11899", "CVE-2017-11907", "CVE-2017-11901", "CVE-2017-11914", "CVE-2017-11911", "CVE-2017-11910", "CVE-2017-11927", "CVE-2017-11894", "CVE-2017-11909", "CVE-2017-11886", "CVE-2017-11906"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310812335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812335", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Multiple Vulnerabilities (KB4054517)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812335\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-11907\", \"CVE-2017-11908\", \"CVE-2017-11909\", \"CVE-2017-11910\",\n \"CVE-2017-11911\", \"CVE-2017-11912\", \"CVE-2017-11885\", \"CVE-2017-11886\",\n \"CVE-2017-11887\", \"CVE-2017-11888\", \"CVE-2017-11889\", \"CVE-2017-11890\",\n \"CVE-2017-11893\", \"CVE-2017-11894\", \"CVE-2017-11895\", \"CVE-2017-11899\",\n \"CVE-2017-11901\", \"CVE-2017-11903\", \"CVE-2017-11905\", \"CVE-2017-11906\",\n \"CVE-2017-11913\", \"CVE-2017-11914\", \"CVE-2017-11918\", \"CVE-2017-11919\",\n \"CVE-2017-11927\", \"CVE-2017-11930\");\n script_bugtraq_id(102045, 102052, 102085, 102086, 102087, 102092, 102055, 102062,\n 102063, 102065, 102080, 102082, 102081, 102053, 102054, 102077,\n 102046, 102047, 102050, 102078, 102091, 102088, 102089, 102093,\n 102095, 102058);\n script_tag(name:\"cvss_base\", value:\"8.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-12-13 10:19:32 +0530 (Wed, 13 Dec 2017)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4054517)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4054517\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exists due to,\n\n - An error in RPC if the server has Routing and Remote Access enabled.\n\n - An error when Internet Explorer improperly accesses objects in memory.\n\n - An error when Internet Explorer improperly handles objects in memory.\n\n - An error when the Windows its:// protocol handler unnecessarily sends traffic\n to a remote site in order to determine the zone of a provided URL.\n\n - An error when Microsoft Edge improperly accesses objects in memory.\n\n - An error in the way that the scripting engine handles objects in memory in\n Microsoft Edge.\n\n - An error in the way the scripting engine handles objects in memory in Microsoft\n browsers.\n\n - A security feature bypass exists when Device Guard incorrectly validates an\n untrusted file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, gain the same user rights as the current user, obtain\n sensitive information to further compromise the user's system, a brute-force\n to disclose the NTLM hash password and make an unsigned file appear to be signed.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 10 Version 1709 x32/x64.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054517\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(version_in_range(version:edgeVer, test_version:\"11.0.16299.0\", test_version2:\"11.0.16299.124\"))\n{\n report = report_fixed_ver(file_checked:sysPath + \"\\Edgehtml.dll\",\n file_version:edgeVer, vulnerable_range:\"11.0.16299.0 - 11.0.16299.124\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:42:13", "description": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11886", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:52:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11886", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11886", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:17", "description": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11889", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:55:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11889", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11889", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:22", "description": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11890", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-26T14:56:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11890", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11890", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:57", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11894", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:37:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11894", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11894", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:24", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11893", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T18:55:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11893", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:26", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11895", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:17:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11895", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:34", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11903", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:09:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11903", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11903", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:32", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11901", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:26:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11901", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11901", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:36", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11905", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-22T14:27:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11905", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11905", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:40", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11907", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:13:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11907", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11907", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:44", "description": "ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11909", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:06:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11909", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:49", "description": "ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11910", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T19:54:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11910", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11910", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:51", "description": "ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11911", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:05:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11911", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11911", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:56", "description": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11913", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T21:10:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10"], "id": "CVE-2017-11913", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11913", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:57", "description": "ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11914", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:00:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11914", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11914", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:58", "description": "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11916", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T19:54:00", "cpe": [], "id": "CVE-2017-11916", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11916", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2022-03-23T12:43:00", "description": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11918", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2019-04-25T19:01:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11918", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11918", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:42", "description": "ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11908", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T20:27:00", "cpe": ["cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11908", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11908", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:42:53", "description": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-12-12T21:29:00", "type": "cve", "title": "CVE-2017-11912", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11930"], "modified": "2017-12-21T20:09:00", "cpe": ["cpe:/a:microsoft:internet_explorer:11", "cpe:/a:microsoft:internet_explorer:9", "cpe:/a:microsoft:internet_explorer:10", "cpe:/a:microsoft:edge:-"], "id": "CVE-2017-11912", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11912", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2021-08-18T11:15:34", "description": "### *Detect date*:\n12/12/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.\n\n### *Affected products*:\nChakraCore \nMicrosoft Edge (EdgeHTML-based) \nInternet Explorer 9 \nInternet Explorer 10 \nInternet Explorer 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2017-11886](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11886>) \n[CVE-2017-11887](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11887>) \n[CVE-2017-11888](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11888>) \n[CVE-2017-11889](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11889>) \n[CVE-2017-11890](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11890>) \n[CVE-2017-11893](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11893>) \n[CVE-2017-11894](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11894>) \n[CVE-2017-11895](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11895>) \n[CVE-2017-11901](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11901>) \n[CVE-2017-11903](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11903>) \n[CVE-2017-11905](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11905>) \n[CVE-2017-11906](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11906>) \n[CVE-2017-11907](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11907>) \n[CVE-2017-11908](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11908>) \n[CVE-2017-11909](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11909>) \n[CVE-2017-11910](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11910>) \n[CVE-2017-11911](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11911>) \n[CVE-2017-11912](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11912>) \n[CVE-2017-11913](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11913>) \n[CVE-2017-11914](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11914>) \n[CVE-2017-11918](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11918>) \n[CVE-2017-11919](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11919>) \n[CVE-2017-11930](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11930>) \n[CVE-2017-11916](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2017-11916>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2017-11886](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11886>)7.6Critical \n[CVE-2017-11887](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11887>)2.6Warning \n[CVE-2017-11888](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11888>)7.6Critical \n[CVE-2017-11889](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11889>)7.6Critical \n[CVE-2017-11890](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11890>)7.6Critical \n[CVE-2017-11893](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11893>)7.6Critical \n[CVE-2017-11894](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11894>)7.6Critical \n[CVE-2017-11895](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11895>)7.6Critical \n[CVE-2017-11901](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11901>)7.6Critical \n[CVE-2017-11903](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11903>)7.6Critical \n[CVE-2017-11905](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11905>)7.6Critical \n[CVE-2017-11906](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11906>)2.6Warning \n[CVE-2017-11907](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11907>)7.6Critical \n[CVE-2017-11908](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11908>)7.6Critical \n[CVE-2017-11909](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11909>)7.6Critical \n[CVE-2017-11910](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11910>)7.6Critical \n[CVE-2017-11911](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11911>)7.6Critical \n[CVE-2017-11912](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11912>)7.6Critical \n[CVE-2017-11913](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11913>)7.6Critical \n[CVE-2017-11914](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11914>)7.6Critical \n[CVE-2017-11918](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11918>)7.6Critical \n[CVE-2017-11919](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11919>)2.6Warning \n[CVE-2017-11930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11930>)7.6Critical \n[CVE-2017-11916](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11916>)7.6Critical\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4053578](<http://support.microsoft.com/kb/4053578>) \n[4053579](<http://support.microsoft.com/kb/4053579>) \n[4053580](<http://support.microsoft.com/kb/4053580>) \n[4053581](<http://support.microsoft.com/kb/4053581>) \n[4054517](<http://support.microsoft.com/kb/4054517>) \n[4054518](<http://support.microsoft.com/kb/4054518>) \n[4054519](<http://support.microsoft.com/kb/4054519>) \n[4054520](<http://support.microsoft.com/kb/4054520>) \n[4052978](<http://support.microsoft.com/kb/4052978>)\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-12T00:00:00", "type": "kaspersky", "title": "KLA11158 Multiple vunlerabilities in Microsoft Browsers", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11930"], "modified": "2020-07-22T00:00:00", "id": "KLA11158", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11158/", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-01-09T09:54:31", "description": "\n\nIf you read my weekly blog or follow me on [Twitter](<https://twitter.com/elisal>), you know that I\u2019m a huge sports fan. Unfortunately, when you don\u2019t live in the town of your favorite team, you can be subject to blackout rules. So, my husband and I decided to purchase NFL Sunday Ticket from DirecTV. Fast forward to a couple of years ago \u2013 I wanted to watch my team play, but the channel that the game was supposed to be on was showing another game featuring my least favorite team instead. Needless to say, I was a little upset. I called DirecTV and I wasn\u2019t shy about my feelings on the situation. The customer service representative put me on hold to figure out the problem. Why wasn\u2019t I able to see my game? The game was already over. I\u2019m sure the team at DirecTV had a big laugh over my mistake, but I owned up to it and apologized to the representative.\n\nWhen a vulnerability is submitted to the Zero Day Initiative (ZDI), the affected vendor is given 120 days to take action to patch the vulnerability. If the deadline is not met, the ZDI will publicly disclose the vulnerability in accordance with its disclosure policy. Earlier this week, the Zero Day Initiative (ZDI) published a zero-day vulnerability as a result of a vendor not patching a vulnerability. One of our internal researchers, [Ricky Lawshae](<https://twitter.com/HeadlessZeke>), submitted a vulnerability to the Zero Day Initiative in mid-June of this year involving equipment that DirecTV uses with its Wireless Genie devices. The affected equipment is a Linksys WVBR0-25 which is used as a wireless video bridge. Ricky reviewed the scripts running on the Linksys device and found one that he could to inject additional commands. He was able to implement a root shell on the box in less than 30 seconds by exploiting this command injection vulnerability, which ultimately granted him full remote unauthenticated administrator control over the device. The ZDI attempted to contact the vendor several times regarding the vulnerability but never received a reply. The ZDI informed Linksys that the vulnerability would be published on December 12, 2017. You can read [Ricky\u2019s blog](<https://www.zerodayinitiative.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair>) to get more details on this vulnerability as well as view a video of the exploit in action.**Microsoft Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before December 12, 2017. Security patches were released by Microsoft covering Internet Explorer (IE), Edge, Windows, Office, SharePoint, and Exchange. Three of the Microsoft CVEs came through the ZDI program. The following table maps Digital Vaccine filters to the Microsoft updates. Filters marked with an asterisk (*) shipped prior to this DV package, providing preemptive zero-day protection for customers. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [December 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/12/12/the-december-2017-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2017-11885 | 30092 | \nCVE-2017-11886 | 30069 | \nCVE-2017-11887 | 20792 | \nCVE-2017-11888 | 30070 | \nCVE-2017-11889 | 30075 | \nCVE-2017-11890 | 30068 | \nCVE-2017-11893 | 30076 | \nCVE-2017-11894 | 30077 | \nCVE-2017-11895 | 30078 | \nCVE-2017-11899 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11901 | *29900 | \nCVE-2017-11903 | 30079 | \nCVE-2017-11905 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11906 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11907 | 30081 | \nCVE-2017-11908 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11909 | 30082 | \nCVE-2017-11910 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11911 | 30083 | \nCVE-2017-11912 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11913 | *29786 | \nCVE-2017-11914 | 30080 | \nCVE-2017-11916 | 30085 | \nCVE-2017-11918 | 30074 | \nCVE-2017-11919 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11927 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11930 | 30086 | \nCVE-2017-11932 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11934 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11935 | 30088 | \nCVE-2017-11936 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2017-11937 | 30093 | \nCVE-2017-11939 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**End of Support Bulletin**\n\nEarlier this week, we announced the end of support for a number of TippingPoint software releases across various models.\n\nDate of Announcement: December 12, 2017\n\n \n\nAffected IPS (N/NX-Series) TOS Versions: 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected IPS (S-Series) TOS Versions: 3.6.4, 3.6.5, 3.6.6\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected TPS TOS Versions: 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2.0\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nAffected SMS TOS Versions: 4.4.0\n\nEnd of Engineering: March 31, 2018\n\nEnd of Support: December 31, 2018\n\n \n\nFactory Release of TPS 5.0.0: October 16, 2017\n\nFactory Release of SMS 5.0.0: March 31, 2018\n\nFactory Release of IPS 3.8.4: March 31, 2018\n\nCustomers with any questions or need assistance with migration planning can contact the TippingPoint Technical Assistance Center. Release notes are also available on <https://tmc.tippingpoint.com>.\n\n**Zero-Day Filters**\n\nThere are no new zero-day filters in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**Updated Existing Zero-Day Filters**\n\nThis section highlights specific filter(s) of interest in this week\u2019s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.\n\nThis week\u2019s updated zero-day filters focus on two of the vulnerabilities from this month\u2019s Microsoft update. The updated filters reflect the fact that the vulnerabilities have been published because Microsoft has issued patches for them. The dates in parentheses after each filter reflects the date we had protection in place for our customers:\n\n**_Microsoft (2)_**\n\n\u2022 29900: HTTP: Microsoft Chakra Javascript Array JIT Optimization Type Confusion Vulnerability (November 7, 2017)\n\n\u2022 29786: HTTP: Microsoft Windows VBScript VT_BSTR Use-After-Free Vulnerability (October 24, 2017)\n\n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-december-4-2017/>).", "cvss3": {}, "published": "2017-12-15T16:06:45", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of December 11, 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930", "CVE-2017-11932", "CVE-2017-11934", "CVE-2017-11935", "CVE-2017-11936", "CVE-2017-11937", "CVE-2017-11939"], "modified": "2017-12-15T16:06:45", "id": "TRENDMICROBLOG:83CF76ED2F779A162F6FE7688839D2BF", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-december-11-2017/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "talosblog": [{"lastseen": "2018-01-29T19:59:50", "description": "Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities impact Edge, Exchange, Internet Explorer, Office, Scripting Engine, Windows, and more. \n \nIn addition to the 33 vulnerabilities addressed, Microsoft has also released an update for Microsoft Office which improves security by disabling the Dynamic Data Exchange (DDE) protocol. This update is detailed in [ADV170021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170021>) and impacts all supported versions of Office. Organizations who are unable to install this update should consult the advisory for workaround that help mitigate DDE exploitation attempts. \n \n\n\n## Vulnerabilities Rated Critical\n\n \nMicrosoft has assigned the following vulnerabilities a Critical severity rating: \n \n\n\n * [CVE-2017-11886 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11886>)\n * [CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888>)\n * [CVE-2017-11889 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11889>)\n * [CVE-2017-11890 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11890>)\n * [CVE-2017-11893 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11893>)\n * [CVE-2017-11894 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11894>)\n * [CVE-2017-11895 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11895>)\n * [CVE-2017-11901 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11901>)\n * [CVE-2017-11903 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11903>)\n * [CVE-2017-11905 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11905>)\n * [CVE-2017-11907 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907>)\n * [CVE-2017-11908 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11908>)\n * [CVE-2017-11909 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11909>)\n * [CVE-2017-11910 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11910>)\n * [CVE-2017-11911 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11911>)\n * [CVE-2017-11912 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912>)\n * [CVE-2017-11914 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11914>)\n * [CVE-2017-11918 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11918>)\n * [CVE-2017-11930 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11930>)\n * [CVE-2017-11937 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937>)\n * [CVE-2017-11940 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940>)\n \n \nThe following is a brief description of each vulnerability. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\" \n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11886\n * CVE-2017-11889\n * CVE-2017-11890\n * CVE-2017-11893\n * CVE-2017-11894\n * CVE-2017-11895\n * CVE-2017-11901\n * CVE-2017-11903\n * CVE-2017-11905\n * CVE-2017-11907\n * CVE-2017-11908\n * CVE-2017-11909\n * CVE-2017-11910\n * CVE-2017-11911\n * CVE-2017-11912\n * CVE-2017-11914\n * CVE-2017-11918\n * CVE-2017-11930\n \n \n\n\n### CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability\n\n \nA vulnerability have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. This vulnerability manifests due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Users could be exploited if they navigate to a malicious web page designed to exploit of these vulnerabilities. \n \n\n\n### Multiple CVEs - Microsoft Malware Protection Engine Remote Code Execution Vulnerability\n\n \nTwo arbitrary code execution vulnerabilities have been identified within the Microsoft Malware Protection Engine that could allow an attacker to execute code in the context of the LocalSystem account. These vulnerabilities manifest as a result of the engine improperly scanning files. Exploitation of these vulnerabilities is achievable if the system scans a specially crafted file with an affected version of the Microsoft Malware Protection Engine. Note that these update typically will not require action by users or administrators as the the built-in mechanism for automatic deployment of these updates will account within 48 hours of release. \n \n\n\n * CVE-2017-11937\n * CVE-2017-11940\n \n\n\n## Vulnerabilities Rated Important\n\n \nMicrosoft has assigned the following vulnerabilities an Important severity rating: \n \n\n\n * [CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885>)\n * [CVE-2017-11887 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887>)\n * [CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899>)\n * [CVE-2017-11906 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11906>)\n * [CVE-2017-11913 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11913>)\n * [CVE-2017-11916 - Scripting Engine Memory Corruption Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916>)\n * [CVE-2017-11919 - Scripting Engine Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11919>)\n * [CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927>)\n * [CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932>)\n * [CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11934>)\n * [CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935>)\n * [CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936>)\n * [CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939>)\n \n \nThe following is a brief description of each vulnerability. \n \n\n\n### CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability\n\n \nA vulnerability has been identified that exists in RPC on systems where Routing and Remote Access is enabled. Successful exploitation of this vulnerability could result in code execution. In order to exploit this vulnerability, an attacker would need to run an application specifically designed to exploit this vulnerability. Routing and Remote access is not enabled in default configurations of Windows. On systems where Routing and Remote Access is disabled, the system is not vulnerable. \n \n\n\n### Multiple CVEs - Scripting Engine Information Disclosure Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to obtain information to further compromise a user's system. These vulnerabilities all manifest due to the scripting engine improperly handling objects in memory. Successful exploitation would give an attacker sensitive information that could then be used in other exploits. A scenario where users could be exploited include web-based attacks, where a user navigates to a malicious web page designed to exploit of one of these vulnerabilities. \n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11887\n * CVE-2017-11906\n * CVE-2017-11919\n \n \n\n\n### CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability\n\n \nA vulnerability has been identified that affects Device Guard. Successful exploitation of this vulnerability could result in Device Guard incorrectly validating untrusted files. As Device Guard uses signatures to determine whether a file is benign or malicious, this could cause Device Guard to allow a malicious file to execute on vulnerable systems. An attacker could leverage this vulnerability to cause an untrusted file to appear as if it is trusted. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple vulnerabilities have been identified in the scripting engines of Edge and Internet Explorer that could allow an attacker to remotely execute arbitrary code. These vulnerabilities all manifest due to the scripting engines in Edge and Internet Explorer improperly handling objects in memory. As a result, successful exploitation could lead to arbitrary code execution in the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit of these vulnerabilities or, in some cases, opens a Microsoft Office document containing an embedded ActiveX control marked \"safe for initialization.\" \n \nThe following is a list of CVEs related to these vulnerabilities: \n \n\n\n * CVE-2017-11913\n * CVE-2017-11916\n \n \n\n\n### CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified that affects the Windows its:// protocol handler. This vulnerability manifests due to the protocol handler sending network traffic to a remote site when determining the zone associated with a URL that is provided to the protocol handler. An attacker could attempt to leverage this vulnerability to obtain sensitive information. This vulnerability could be leveraged to obtain NTLM hash values associated with a victim's account. \n \n\n\n### CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability\n\n \nA spoofing vulnerability has been identified that affects Microsoft Exchange. This vulnerability manifests due to Outlook Web Access (OWA) failing to properly handle certain web requests. This vulnerability could be leveraged by attackers to inject scripts and content. This vulnerability could also be leveraged to redirect clients to a malicious web site. Successful exploitation of this vulnerability would require an attacker to send victims a specially crafted email containing a malicious link. \n \n\n\n### CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified that affects Microsoft Office. This vulnerability manifests due to Microsoft Office improperly disclosing contents in memory. This vulnerability could be leveraged by an attacker to obtain sensitive information that could be used to launch additional attacks against a target system. Successful exploitation of this vulnerability would require an attacker to send a specially crafted file to a victim and convince them to open the file. \n \n\n\n### CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability\n\n \nAn arbitrary code execution vulnerability has been identified in Microsoft Excel which manifests as a result of improperly handling objects in memory. An attacker could exploit this vulnerability by creating a specially crafted Excel document which triggers the vulnerability. Successful exploitation would allow an attacker to execute arbitrary code in the context of the current user. Scenarios where this could occur include email-based attacks or attacks where users download malicious files off of a site hosting user-created content (DropBox, OneDrive, Google Drive). \n \n\n\n### CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been identified in Microsoft SharePoint Server that could potentially allow an attacker to impersonate a user and perform restricted actions. This vulnerability manifests due to SharePoint improperly sanitizing specially crafted web requests. An authenticated user who exploits this vulnerability could proceed to perform a cross-site scripting attack to cause other users to execute arbitrary JavaScript in the context of that user. This could then allow an attacker to read content, change permissions, or inject other malicious content on behalf of that user if permitted. \n \n\n\n### CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been identified in Microsoft Office that could leak a user's private key. This vulnerability manifests as a result of Visual Basic macros in Office incorrectly exporting a user's private key from the certificate store while saving a document. Note that an attacker would need to exploit another vulnerability or socially engineer the user to obtain the document containing the leaked private key in order to leverage it. \n \n\n\n## Coverage\n\n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n\n\n * 37283-37284, 45121-45124, 45128-40133, 45138-45153, 45155-45156, 45160-45163,45167-45170.\n \n \n\n\n[](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=1A84Sx13xAc:ZeJ1KmvCEYI:yIl2AUoC8zA>)\n\n", "cvss3": {}, "published": "2017-12-12T15:32:00", "type": "talosblog", "title": "Microsoft Patch Tuesday - December 2017", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-11885", "CVE-2017-11886", "CVE-2017-11887", "CVE-2017-11888", "CVE-2017-11889", "CVE-2017-11890", "CVE-2017-11893", "CVE-2017-11894", "CVE-2017-11895", "CVE-2017-11899", "CVE-2017-11901", "CVE-2017-11903", "CVE-2017-11905", "CVE-2017-11906", "CVE-2017-11907", "CVE-2017-11908", "CVE-2017-11909", "CVE-2017-11910", "CVE-2017-11911", "CVE-2017-11912", "CVE-2017-11913", "CVE-2017-11914", "CVE-2017-11916", "CVE-2017-11918", "CVE-2017-11919", "CVE-2017-11927", "CVE-2017-11930", "CVE-2017-11932", "CVE-2017-11934", "CVE-2017-11935", "CVE-2017-11936", "CVE-2017-11937", "CVE-2017-11939", "CVE-2017-11940"], "modified": "2017-12-12T23:32:56", "id": "TALOSBLOG:C29A5D06DFA4855828033CE3321D48DE", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/1A84Sx13xAc/ms-tuesday.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit
