From winvulns-announcements at bigmail.bigfix.com Wed Dec 13 05:21:19 2017
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 13 Dec 2017 05:21:19 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 572
Published: Tue, 12 Dec 2017 19:44:21 GMT

New Fixlets:
============
***************************************************************
Title: Windows Media Player Information Disclosure Vulnerability - CVE-2017-11768
Severity: Low
Fixlet ID: 364801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3648
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application, due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
***************************************************************
Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2017-11827
Severity: High
Fixlet ID: 364901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3649
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11827
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
***************************************************************
Title: Microsoft Project Server Elevation of Privilege Vulnerability - CVE-2017-11876
Severity: Medium
Fixlet ID: 365001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3650
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11876
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
***************************************************************
Title: Microsoft Graphics Component Information Disclosure Vulnerability - CVE-2017-11850
Severity: Low
Fixlet ID: 365101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3651
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11850
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
***************************************************************
Title: Windows GDI Information Disclosure Vulnerability - CVE-2017-11852
Severity: Low
Fixlet ID: 365201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3652
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11852
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11842
Severity: Low
Fixlet ID: 365301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3653
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
***************************************************************
Title: Windows Search Denial of Service Vulnerability - CVE-2017-11788
Severity:
Fixlet ID: 365401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3654
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11851
Severity: Low
Fixlet ID: 365501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3655
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11851
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11849
Severity:
Fixlet ID: 365601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3656
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11849
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11847
Severity: High
Fixlet ID: 365701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3657
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11847
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11853
Severity:
Fixlet ID: 365801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3658
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11853
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16401
Severity:
Fixlet ID: 365901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3659
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16401
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16362
Severity:
Fixlet ID: 366001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3660
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16362
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16399
Severity:
Fixlet ID: 366101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3661
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16399
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16394
Severity:
Fixlet ID: 366201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3662
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16394
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16418
Severity:
Fixlet ID: 366301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3663
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16418
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16405
Severity:
Fixlet ID: 366401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3664
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16405
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16402
Severity:
Fixlet ID: 366501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3665
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16400
Severity:
Fixlet ID: 366601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3666
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16400
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16404
Severity:
Fixlet ID: 366701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3667
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16404
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16414
Severity:
Fixlet ID: 366801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3668
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16414
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16369
Severity:
Fixlet ID: 366901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3669
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16369
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16409
Severity:
Fixlet ID: 367001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3670
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16412
Severity:
Fixlet ID: 367101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3671
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16376
Severity:
Fixlet ID: 367201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3672
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16397
Severity:
Fixlet ID: 367301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3673
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16397
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16380
Severity:
Fixlet ID: 367401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3674
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16380
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16403
Severity:
Fixlet ID: 367501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3675
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16403
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16417
Severity:
Fixlet ID: 367601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3676
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-11293
Severity:
Fixlet ID: 367702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3677
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16370
Severity:
Fixlet ID: 367801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3678
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16370
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16382
Severity:
Fixlet ID: 367901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3679
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16382
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16420
Severity:
Fixlet ID: 368001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3680
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16420
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16408
Severity:
Fixlet ID: 368101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3681
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11862
Severity: High
Fixlet ID: 368201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3682
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11862
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11861
Severity: High
Fixlet ID: 368301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3683
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11861
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11858
Severity:
Fixlet ID: 368401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3684
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11858
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-11791
Severity: Medium
Fixlet ID: 368502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3685
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.
***************************************************************
Title: Microsoft Word Memory Corruption Vulnerability - CVE-2017-11854
Severity:
Fixlet ID: 370401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3704
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11854
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs) - CVE-2017-10379
Severity: Medium
Fixlet ID: 370601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3706
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10378
Severity: Medium
Fixlet ID: 370701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3707
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10378
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) - CVE-2017-10384
Severity: Medium
Fixlet ID: 370801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3708
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10384
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier, 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
*************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) - CVE-2017-10268 Severity: Low Fixlet ID: 370901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3709 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10268 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10279 Severity: Medium Fixlet ID: 371001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3710 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10279 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
*************************************************************** Title: Windows Wireless WPA Group Key Reinstallation Vulnerability - CVE-2017-13080 Severity: Low Fixlet ID: 371301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3713 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. *************************************************************** Title: Microsoft Excel Memory Corruption Vulnerability - CVE-2017-11878 Severity: High Fixlet ID: 371501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3715 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11878 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". 
*************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10227 Severity: Medium Fixlet ID: 371701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3717 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10227 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB) - CVE-2017-10286 Severity: Low Fixlet ID: 372001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3720 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10286 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
*************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10294 Severity: Low Fixlet ID: 372101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3721 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10294 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS) - CVE-2017-10276 Severity: Medium Fixlet ID: 372301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3723 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10276 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
From winvulns-announcements at bigmail.bigfix.com Fri Dec 15 05:21:08 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 15 Dec 2017 05:21:08 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 573 Published: Thu, 14 Dec 2017 19:00:03 GMT New Fixlets: ============ *************************************************************** Title: Use After Free Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions - CVE-2017-11213 Severity: Fixlet ID: 373001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3730 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11213 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use after free Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions. *************************************************************** Title: Out-of-bounds Read Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions - CVE-2017-3112 Severity: Fixlet ID: 373201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3732 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3112 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Out-of-bounds read vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability - CVE-2017-16392 Severity: Fixlet ID: 374501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3745 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16392 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16388 Severity: Fixlet ID: 374701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3747 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16388 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16360 Severity: Fixlet ID: 375001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3750 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16360 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16390 Severity: Fixlet ID: 375301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3753 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16390 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16393 Severity: Fixlet ID: 375501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3755 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16393 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability - CVE-2017-16365 Severity: Fixlet ID: 375601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3756 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16365 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability - CVE-2017-16384 Severity: Fixlet ID: 376001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3760 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16384 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability - CVE-2017-16374 Severity: Fixlet ID: 376101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3761 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16374 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability - CVE-2017-16391 Severity: Fixlet ID: 376201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3762 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16391 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability - CVE-2017-16368 Severity: Fixlet ID: 376401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3764 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16368 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability - CVE-2017-16410 Severity: Fixlet ID: 376601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3766 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16410 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability - CVE-2017-16386 Severity: Fixlet ID: 376701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3767 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16386 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. 
From winvulns-announcements at bigmail.bigfix.com Thu Dec 21 05:21:08 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Thu, 21 Dec 2017 05:21:08 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 574 Published: Thu, 21 Dec 2017 00:14:15 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Excel Security Feature Bypass Vulnerability - CVE-2017-11877 Severity: Medium Fixlet ID: 371601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3716 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11877 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth) - CVE-2017-10155 Severity: Medium Fixlet ID: 371801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3718 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10155 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). 
Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema) - CVE-2017-10283 Severity: Low Fixlet ID: 371901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3719 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10283 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached) - CVE-2017-10314 Severity: Medium Fixlet ID: 372201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3722 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10314 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. *************************************************************** Title: Use After Free Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions - CVE-2017-11215 Severity: Fixlet ID: 372801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3728 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11215 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Use after free vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions. *************************************************************** Title: Out-of-bounds Read Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions - CVE-2017-3114 Severity: Fixlet ID: 372901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3729 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3114 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Out-of-bounds read vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16398 Severity: High Fixlet ID: 374601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3746 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16398 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability - CVE-2017-16381 Severity: High Fixlet ID: 374801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3748 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16381 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability - CVE-2017-16395 Severity: High Fixlet ID: 374901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3749 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16395 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability - CVE-2017-16389 Severity: High Fixlet ID: 375202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3752 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16389 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability - CVE-2017-16385 Severity: High Fixlet ID: 375401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3754 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16385 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability - CVE-2017-16396 Severity: High Fixlet ID: 375701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3757 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16396 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability - CVE-2017-16377 Severity: High Fixlet ID: 375801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3758 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16377 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability - CVE-2017-16378 Severity: High Fixlet ID: 375901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3759 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16378 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability - CVE-2017-16383 Severity: High Fixlet ID: 376301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3763 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16383 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability. Successful exploitation could lead to remote code execution. *************************************************************** Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability - CVE-2017-16387 Severity: High Fixlet ID: 376501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3765 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16387 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. 
*************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11894 Severity: Fixlet ID: 377201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3772 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11894 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.