Description
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges.
Below is a complete list of vulnerabilities:
- Unspecified Microsoft Server Block Message can be exploited remotely via specially crafted requests to cause denial of service.
- A remote code execution vulnerability in Windows SMB can be exploited remotely via specially crafted packet to execute arbitrary code.
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A remote code execution vulnerability in Microsoft JET Database Engine can be exploited remotely via specially crafted to execute arbitrary code.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Search can be exploited remotely via specially crafted messages to obtain sensitive information.
- A remote code execution vulnerability in Windows Search can be exploited remotely via specially crafted messages to execute arbitrary code.
- A remote code execution vulnerability in Windows Shell can be exploited remotely via specially crafted content to execute arbitrary code.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Windows SMB can be exploited remotely to obtain sensitive information.
Original advisories
- CVE-2017-11780
- CVE-2017-11785
- CVE-2017-11784
- CVE-2017-11765
- CVE-2017-11763
- CVE-2017-11762
- CVE-2017-8694
- CVE-2017-11822
- CVE-2017-8717
- CVE-2017-11790
- CVE-2017-11824
- CVE-2017-11793
- CVE-2017-8718
- CVE-2017-8727
- CVE-2017-11772
- CVE-2017-11771
- CVE-2017-11819
- CVE-2017-8689
- CVE-2017-11810
- CVE-2017-11817
- CVE-2017-11816
- CVE-2017-11815
- CVE-2017-11814
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
CVE list
- CVE-2017-11762 critical
- CVE-2017-11763 critical
- CVE-2017-11765 high
- CVE-2017-11771 critical
- CVE-2017-11772 critical
- CVE-2017-11780 high
- CVE-2017-11781 critical
- CVE-2017-11784 high
- CVE-2017-11785 high
- CVE-2017-11814 high
- CVE-2017-11815 high
- CVE-2017-11816 high
- CVE-2017-11817 warning
- CVE-2017-11819 critical
- CVE-2017-11824 high
- CVE-2017-8689 high
- CVE-2017-8694 high
- CVE-2017-8717 critical
- CVE-2017-8718 critical
- CVE-2017-8727 critical
- CVE-2017-11810 critical
- CVE-2017-11790 warning
- CVE-2017-11793 critical
- CVE-2017-11822 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!