Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service.
Below is a complete list of vulnerabilities:
- An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.
- An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
- An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted website to obtain sensitive information.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
- A denial of service vulnerability in Windows Search can be exploited remotely via specially crafted messages to cause denial of service.
- An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted application to obtain sensitive information.
Первичный источник обнаружения
- CVE-2017-11831
CVE-2017-11849
CVE-2017-11855
CVE-2017-11832
CVE-2017-11835
CVE-2017-11791
CVE-2017-11851
CVE-2017-11869
CVE-2017-11848
CVE-2017-11843
CVE-2017-11852
CVE-2017-11853
CVE-2017-11846
CVE-2017-11847
CVE-2017-11788
CVE-2017-11880
CVE-2017-11768
CVE-2017-11858
CVE-2017-11834
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
- ChakraCore
Список CVE
- CVE-2017-11768 warning
- CVE-2017-11788 warning
- CVE-2017-11831 warning
- CVE-2017-11832 warning
- CVE-2017-11835 warning
- CVE-2017-11847 critical
- CVE-2017-11849 warning
- CVE-2017-11851 warning
- CVE-2017-11852 warning
- CVE-2017-11853 warning
- CVE-2017-11880 warning
- CVE-2017-11791 warning
- CVE-2017-11834 warning
- CVE-2017-11843 critical
- CVE-2017-11846 critical
- CVE-2017-11848 warning
- CVE-2017-11855 critical
- CVE-2017-11858 critical
- CVE-2017-11869 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!