Multiple vulnerabilities in Microsoft Products (ESU)

説明

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
2. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.
4. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
5. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
6. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted website to obtain sensitive information.
7. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
9. A denial of service vulnerability in Windows Search can be exploited remotely via specially crafted messages to cause denial of service.
10. An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted application to obtain sensitive information.

オリジナルアドバイザリー

• CVE-2017-11831

• CVE-2017-11849
• CVE-2017-11855
• CVE-2017-11832
• CVE-2017-11835
• CVE-2017-11791
• CVE-2017-11851
• CVE-2017-11869
• CVE-2017-11848
• CVE-2017-11843
• CVE-2017-11852
• CVE-2017-11853
• CVE-2017-11846
• CVE-2017-11847
• CVE-2017-11788
• CVE-2017-11880
• CVE-2017-11768
• CVE-2017-11858
• CVE-2017-11834

エクスプロイテーション

Public exploits exist for this vulnerability.

関連製品

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge
• ChakraCore

CVEリスト

• CVE-2017-11768
  warning
• CVE-2017-11788
  critical
• CVE-2017-11831
  warning
• CVE-2017-11832
  warning
• CVE-2017-11835
  high
• CVE-2017-11847
  critical
• CVE-2017-11849
  warning
• CVE-2017-11851
  warning
• CVE-2017-11852
  warning
• CVE-2017-11853
  high
• CVE-2017-11880
  warning
• CVE-2017-11791
  warning
• CVE-2017-11834
  high
• CVE-2017-11843
  critical
• CVE-2017-11846
  critical
• CVE-2017-11848
  warning
• CVE-2017-11855
  critical
• CVE-2017-11858
  critical
• CVE-2017-11869
  critical

KBリスト

• 4046184
• 4047211
• 4048957
• 4048960
• 4048968
• 4048970
• 4049164
• 4047170
• 4047206

も参照してください

お住まいの地域に広がる脆弱性の統計をご覧ください statistics.securelist.com