Multiple vulnerabilities in Microsoft Products (ESU)

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
2. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.
4. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
5. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
6. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted website to obtain sensitive information.
7. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
9. A denial of service vulnerability in Windows Search can be exploited remotely via specially crafted messages to cause denial of service.
10. An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted application to obtain sensitive information.

Fiches de renseignement originales

• CVE-2017-11831

• CVE-2017-11849
• CVE-2017-11855
• CVE-2017-11832
• CVE-2017-11835
• CVE-2017-11791
• CVE-2017-11851
• CVE-2017-11869
• CVE-2017-11848
• CVE-2017-11843
• CVE-2017-11852
• CVE-2017-11853
• CVE-2017-11846
• CVE-2017-11847
• CVE-2017-11788
• CVE-2017-11880
• CVE-2017-11768
• CVE-2017-11858
• CVE-2017-11834

Exploitation

Public exploits exist for this vulnerability.

Produits associés

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge
• ChakraCore

Liste CVE

• CVE-2017-11768
  warning
• CVE-2017-11788
  critical
• CVE-2017-11831
  warning
• CVE-2017-11832
  warning
• CVE-2017-11835
  high
• CVE-2017-11847
  critical
• CVE-2017-11849
  warning
• CVE-2017-11851
  warning
• CVE-2017-11852
  warning
• CVE-2017-11853
  high
• CVE-2017-11880
  warning
• CVE-2017-11791
  warning
• CVE-2017-11834
  high
• CVE-2017-11843
  critical
• CVE-2017-11846
  critical
• CVE-2017-11848
  warning
• CVE-2017-11855
  critical
• CVE-2017-11858
  critical
• CVE-2017-11869
  critical

Liste KB

• 4046184
• 4047211
• 4048957
• 4048960
• 4048968
• 4048970
• 4049164
• 4047170
• 4047206

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com