Multiple vulnerabilities in Microsoft Products (ESU)

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
2. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
3. An information disclosure vulnerability in Windows EOT Font Engine can be exploited remotely via specially crafted embedded to obtain sensitive information.
4. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
5. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
6. An information disclosure vulnerability in Internet Explorer can be exploited remotely via specially crafted website to obtain sensitive information.
7. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
9. A denial of service vulnerability in Windows Search can be exploited remotely via specially crafted messages to cause denial of service.
10. An information disclosure vulnerability in Windows Media Player can be exploited remotely via specially crafted application to obtain sensitive information.

Первичный источник обнаружения

• CVE-2017-11831
  CVE-2017-11849
  CVE-2017-11855
  CVE-2017-11832
  CVE-2017-11835
  CVE-2017-11791
  CVE-2017-11851
  CVE-2017-11869
  CVE-2017-11848
  CVE-2017-11843
  CVE-2017-11852
  CVE-2017-11853
  CVE-2017-11846
  CVE-2017-11847
  CVE-2017-11788
  CVE-2017-11880
  CVE-2017-11768
  CVE-2017-11858
  CVE-2017-11834
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge
• ChakraCore

Список CVE

• CVE-2017-11768
  warning
• CVE-2017-11788
  warning
• CVE-2017-11831
  warning
• CVE-2017-11832
  warning
• CVE-2017-11835
  warning
• CVE-2017-11847
  critical
• CVE-2017-11849
  warning
• CVE-2017-11851
  warning
• CVE-2017-11852
  warning
• CVE-2017-11853
  warning
• CVE-2017-11880
  warning
• CVE-2017-11791
  warning
• CVE-2017-11834
  warning
• CVE-2017-11843
  critical
• CVE-2017-11846
  critical
• CVE-2017-11848
  warning
• CVE-2017-11855
  critical
• CVE-2017-11858
  critical
• CVE-2017-11869
  critical

Список KB

• 4046184
• 4047211
• 4048957
• 4048960
• 4048968
• 4048970
• 4049164
• 4047170
• 4047206

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com