From winvulns-announcements at bigmail.bigfix.com  Tue Aug  8 05:21:04 2017
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 8 Aug 2017 05:21:04 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.0.1502194867.17311.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 552	Published: Mon, 07 Aug 2017 18:50:50  GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries) - CVE-2016-5547
Severity: Medium
Fixlet ID: 177001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1770
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5547
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12.

***************************************************************
Title: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 - CVE-2016-5549
Severity: Medium
Fixlet ID: 177701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1777
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).

***************************************************************
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 - CVE-2016-5546
Severity: Medium
Fixlet ID: 177902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1779
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5546
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).

***************************************************************
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking) - CVE-2016-5552
Severity: Medium
Fixlet ID: 178901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1789
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5552
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12.

***************************************************************
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111 - CVE-2016-5548
Severity: Medium
Fixlet ID: 180101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1801
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5548
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).

***************************************************************
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control) - CVE-2016-8328
Severity: Medium
Fixlet ID: 182702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1827
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8328
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112.

***************************************************************
Title: Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111 - CVE-2016-2183
Severity: Medium
Fixlet ID: 185102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1851
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

***************************************************************
Title: Windows Explorer Remote Code Execution Vulnerability - CVE-2017-8463
Severity: High
Fixlet ID: 279501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2795
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8463
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".

***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2017-8563
Severity: Medium
Fixlet ID: 279601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2796
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8563
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".

***************************************************************
Title: Https.sys Information Disclosure Vulnerability - CVE-2017-8582
Severity: Medium
Fixlet ID: 279701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2797
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8582
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability".

***************************************************************
Title: SharePoint Server XSS Vulnerability - CVE-2017-8569
Severity: Medium
Fixlet ID: 279801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2798
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8569
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".

***************************************************************
Title: Windows ALPC Elevation of Privilege Vulnerability - CVE-2017-8562
Severity: Medium
Fixlet ID: 279901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2799
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8562
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability".

***************************************************************
Title: DirectX Elevation of Privilege Vulnerability - CVE-2017-8579
Severity: Medium
Fixlet ID: 280001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2800
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8579
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."

***************************************************************
Title: Windows IME Elevation of Privilege Vulnerability - CVE-2017-8566
Severity: Medium
Fixlet ID: 280201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2802
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8566
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".

***************************************************************
Title: Windows CLFS Elevation of Privilege Vulnerability - CVE-2017-8590
Severity: Medium
Fixlet ID: 280301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2803
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

***************************************************************
Title: HoloLens Remote Code Execution Vulnerability - CVE-2017-8584
Severity: High
Fixlet ID: 280401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2804
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8584
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8598
Severity: High
Fixlet ID: 280501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2805
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8598
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8606
Severity: High
Fixlet ID: 280601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2806
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8606
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Windows PowerShell Remote Code Execution Vulnerability - CVE-2017-8565
Severity: High
Fixlet ID: 281601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2816
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8565
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8601
Severity: High
Fixlet ID: 281702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2817
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8601
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8604
Severity: High
Fixlet ID: 281801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2818
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8604
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8603
Severity: High
Fixlet ID: 281901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2819
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8603
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8605
Severity: High
Fixlet ID: 282001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2820
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8605
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8607
Severity: High
Fixlet ID: 283701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2837
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8607
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8618
Severity: High
Fixlet ID: 284801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2848
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8618
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8619
Severity: High
Fixlet ID: 284901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2849
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8619
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.

***************************************************************
Title: Microsoft Browser Security Feature Bypass - CVE-2017-8592
Severity: Medium
Fixlet ID: 285101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2851
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8592
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".

***************************************************************
Title: NetScaler file parser infinite loop - CVE-2017-7700
Severity: High
Fixlet ID: 286301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2863
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7700
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8608
Severity: High
Fixlet ID: 286401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2864
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8608
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8609
Severity: High
Fixlet ID: 286501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2865
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8609
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8610
Severity: High
Fixlet ID: 286601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2866
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8610
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.

***************************************************************
Title: WBXML dissector infinite loop - CVE-2017-7702
Severity: High
Fixlet ID: 286701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2867
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7702
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.


From winvulns-announcements at bigmail.bigfix.com  Wed Aug 16 05:21:01 2017
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 16 Aug 2017 05:21:01 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.1.1502886064.21034.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 553	Published: Tue, 15 Aug 2017 22:05:06  GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in MySQL Cluster 7.3.5 and earlier - CVE-2014-1912
Severity: High
Fixlet ID: 293001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2930
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Vulnerability in MySQL Cluster 7.3.5 and earlier.


From winvulns-announcements at bigmail.bigfix.com  Tue Aug 22 05:20:59 2017
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 22 Aug 2017 05:20:59 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.0.1503404461.10644.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 554	Published: Mon, 21 Aug 2017 19:00:56  GMT

New Fixlets:
============

***************************************************************
Title: Win32k Elevation of Privilege Vulnerability - CVE-2017-8593
Severity: Medium
Fixlet ID: 295501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2955
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8593
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".

***************************************************************
Title: Windows Hyper-V Denial of Service Vulnerability - CVE-2017-8623
Severity: Medium
Fixlet ID: 295602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2956
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8623
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

***************************************************************
Title: Win32k Information Disclosure Vulnerability - CVE-2017-8666
Severity: Low
Fixlet ID: 295701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2957
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8666
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".

***************************************************************
Title: Windows Hyper-V Remote Code Execution Vulnerability - CVE-2017-8664
Severity: High
Fixlet ID: 295801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2958
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8664
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability".

***************************************************************
Title: Windows Search Remote Code Execution Vulnerability - CVE-2017-8620
Severity: High
Fixlet ID: 295901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2959
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8620
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Search Remote Code Execution Vulnerability - CVE-2017-8620 Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8518
Severity: High
Fixlet ID: 296001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2960
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8518
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8639
Severity: High
Fixlet ID: 296101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2961
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8639
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8637
Severity: Low
Fixlet ID: 296201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2962
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8637
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8640
Severity: High
Fixlet ID: 296301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2963
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8634
Severity: High
Fixlet ID: 296401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2964
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8634
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: XrayWrapper bypass through DOM objects - CVE-2014-8636
Severity: High
Fixlet ID: 296501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2965
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8636
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

***************************************************************
Title: data: URL can inherit wrong origin after an HTTP redirect - CVE-2016-9078
Severity: <Unspecified>
Fixlet ID: 296601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2966
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them.

***************************************************************
Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability - CVE-2017-8673
Severity: Medium
Fixlet ID: 296802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2968
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8673
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."

***************************************************************
Title: Express Compressed Fonts Remote Code Execution Vulnerability - CVE-2017-8691
Severity: High
Fixlet ID: 297001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2970
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8691
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."

***************************************************************
Title: Microsoft Office SharePoint XSS Vulnerability - CVE-2017-8654
Severity: Low
Fixlet ID: 297101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2971
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8654
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

***************************************************************
Title: Volume Manager Extension Driver Information Disclosure Vulnerability - CVE-2017-8668
Severity: Low
Fixlet ID: 297201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2972
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8668
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".

***************************************************************
Title: Windows Error Reporting Elevation of Privilege Vulnerability - CVE-2017-8633
Severity: High
Fixlet ID: 297401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2974
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8633
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8636
Severity: High
Fixlet ID: 297501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2975
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8636
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Microsoft Edge Elevation of Privilege Vulnerability - CVE-2017-8642
Severity: Medium
Fixlet ID: 297601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2976
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8642
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

***************************************************************
Title: Microsoft Edge Elevation of Privilege Vulnerability - CVE-2017-8503
Severity: Medium
Fixlet ID: 297701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2977
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8503
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8638
Severity: High
Fixlet ID: 297801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2978
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8638
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8655
Severity: High
Fixlet ID: 297901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2979
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8655
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Windows PDF Remote Code Execution Vulnerability - CVE-2017-0293
Severity: High
Fixlet ID: 298001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2980
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".

***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-8659
Severity: Medium
Fixlet ID: 298101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2981
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8659
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8672
Severity: High
Fixlet ID: 298201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2982
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8672
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8645
Severity: High
Fixlet ID: 298401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2984
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Windows IME Remote Code Execution Vulnerability - CVE-2017-8591
Severity: High
Fixlet ID: 298501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2985
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".

***************************************************************
Title: Windows CLFS Elevation of Privilege Vulnerability - CVE-2017-8624
Severity: High
Fixlet ID: 298601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2986
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8624
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

***************************************************************
Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability - CVE-2017-8622
Severity: High
Fixlet ID: 298701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2987
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8622
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

***************************************************************
Title: Windows Subsystem for Linux Denial of Service Vulnerability - CVE-2017-8627
Severity: Medium
Fixlet ID: 298801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2988
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8627
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8646
Severity: High
Fixlet ID: 298901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2989
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.


From winvulns-announcements at bigmail.bigfix.com  Thu Aug 31 05:21:16 2017
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Thu, 31 Aug 2017 05:21:16 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets
	Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID: <mailman.2.1504182078.14951.winvulns-announcements@bigmail.bigfix.com>

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 555	Published: Wed, 30 Aug 2017 20:17:06  GMT

New Fixlets:
============

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8657
Severity: High
Fixlet ID: 300001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3000
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8657
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8671
Severity: High
Fixlet ID: 300101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3001
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8671
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8656
Severity: High
Fixlet ID: 300201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3002
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8656
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2017-8669
Severity: High
Fixlet ID: 300301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3003
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8669
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653.

***************************************************************
Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2017-8653
Severity: High
Fixlet ID: 300401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3004
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519.

***************************************************************
Title: Internet Explorer Security Feature Bypass Vulnerability - CVE-2017-8625
Severity: Medium
Fixlet ID: 300501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3005
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8625
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2017-8651
Severity: High
Fixlet ID: 300602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3006
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8651
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

***************************************************************
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability - CVE-2017-0250
Severity: High
Fixlet ID: 300701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3007
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0250
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".

***************************************************************
Title: Windows NetBIOS Denial of Service Vulnerability - CVE-2017-0174
Severity: Medium
Fixlet ID: 300801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3008
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0174
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8635
Severity: High
Fixlet ID: 300901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3009
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8635
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8661
Severity: High
Fixlet ID: 301101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3011
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8661
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8652
Severity: Medium
Fixlet ID: 301201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3012
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8652
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8674
Severity: High
Fixlet ID: 301301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3013
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8674
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.

***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8644
Severity: Medium
Fixlet ID: 301401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3014
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8644
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662.

***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8662
Severity: Medium
Fixlet ID: 301501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3015
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8662
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

***************************************************************
Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8650
Severity: Medium
Fixlet ID: 301601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3016
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8650
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8641
Severity: High
Fixlet ID: 301901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3019
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8641
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Window Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8670
Severity: High
Fixlet ID: 304601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3046
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8670
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.

***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8647
Severity: High
Fixlet ID: 304801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3048
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8647
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.

***************************************************************
Title: WBXML dissector infinite loop - CVE-2017-7702
Severity: High
Fixlet ID: 305101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3051
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7702
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.

***************************************************************
Title: IMAP dissector crash - CVE-2017-7703
Severity: Medium
Fixlet ID: 305201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3052
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7703
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.

***************************************************************
Title: DOF dissector infinite loop - CVE-2017-7704
Severity: High
Fixlet ID: 305301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3053
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7704
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.