[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Dec 13 05:21:19 PST 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 572 Published: Tue, 12 Dec 2017 19:44:21 GMT
New Fixlets:
============
***************************************************************
Title: Windows Media Player Information Disclosure Vulnerability - CVE-2017-11768
Severity: Low
Fixlet ID: 364801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3648
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11768
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
***************************************************************
Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2017-11827
Severity: High
Fixlet ID: 364901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3649
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11827
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
***************************************************************
Title: Microsoft Project Server Elevation of Privilege Vulnerability - CVE-2017-11876
Severity: Medium
Fixlet ID: 365001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3650
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11876
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
***************************************************************
Title: Microsoft Graphics Component Information Disclosure Vulnerability - CVE-2017-11850
Severity: Low
Fixlet ID: 365101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3651
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11850
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
***************************************************************
Title: Windows GDI Information Disclosure Vulnerability - CVE-2017-11852
Severity: Low
Fixlet ID: 365201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3652
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11852
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11842
Severity: Low
Fixlet ID: 365301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3653
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
***************************************************************
Title: Windows Search Denial of Service Vulnerability - CVE-2017-11788
Severity: <Unspecified>
Fixlet ID: 365401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3654
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11851
Severity: Low
Fixlet ID: 365501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3655
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11851
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11849
Severity: <Unspecified>
Fixlet ID: 365601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3656
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11849
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11847
Severity: High
Fixlet ID: 365701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3657
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11847
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-11853
Severity: <Unspecified>
Fixlet ID: 365801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3658
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11853
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16401
Severity: <Unspecified>
Fixlet ID: 365901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3659
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16401
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16362
Severity: <Unspecified>
Fixlet ID: 366001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3660
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16362
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16399
Severity: <Unspecified>
Fixlet ID: 366101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3661
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16399
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16394
Severity: <Unspecified>
Fixlet ID: 366201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3662
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16394
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16418
Severity: <Unspecified>
Fixlet ID: 366301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3663
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16418
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16405
Severity: <Unspecified>
Fixlet ID: 366401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3664
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16405
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16402
Severity: <Unspecified>
Fixlet ID: 366501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3665
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16400
Severity: <Unspecified>
Fixlet ID: 366601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3666
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16400
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16404
Severity: <Unspecified>
Fixlet ID: 366701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3667
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16404
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16414
Severity: <Unspecified>
Fixlet ID: 366801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3668
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16414
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16369
Severity: <Unspecified>
Fixlet ID: 366901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3669
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16369
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16409
Severity: <Unspecified>
Fixlet ID: 367001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3670
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16412
Severity: <Unspecified>
Fixlet ID: 367101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3671
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16376
Severity: <Unspecified>
Fixlet ID: 367201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3672
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16376
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16397
Severity: <Unspecified>
Fixlet ID: 367301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3673
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16397
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16380
Severity: <Unspecified>
Fixlet ID: 367401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3674
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16380
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16403
Severity: <Unspecified>
Fixlet ID: 367501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3675
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16403
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16417
Severity: <Unspecified>
Fixlet ID: 367601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3676
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-11293
Severity: <Unspecified>
Fixlet ID: 367702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3677
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11293
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16370
Severity: <Unspecified>
Fixlet ID: 367801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3678
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16370
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16382
Severity: <Unspecified>
Fixlet ID: 367901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3679
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16382
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16420
Severity: <Unspecified>
Fixlet ID: 368001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3680
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16420
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier - CVE-2017-16408
Severity: <Unspecified>
Fixlet ID: 368101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3681
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11862
Severity: High
Fixlet ID: 368201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3682
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11862
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11861
Severity: High
Fixlet ID: 368301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3683
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11861
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11858
Severity: <Unspecified>
Fixlet ID: 368401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3684
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11858
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-11791
Severity: Medium
Fixlet ID: 368502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3685
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.
***************************************************************
Title: Microsoft Word Memory Corruption Vulnerability - CVE-2017-11854
Severity: <Unspecified>
Fixlet ID: 370401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3704
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11854
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs) - CVE-2017-10379
Severity: Medium
Fixlet ID: 370601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3706
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10378
Severity: Medium
Fixlet ID: 370701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3707
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10378
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) - CVE-2017-10384
Severity: Medium
Fixlet ID: 370801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3708
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10384
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) - CVE-2017-10268
Severity: Low
Fixlet ID: 370901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3709
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10268
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10279
Severity: Medium
Fixlet ID: 371001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3710
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10279
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Windows Wireless WPA Group Key Reinstallation Vulnerability - CVE-2017-13080
Severity: Low
Fixlet ID: 371301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3713
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
***************************************************************
Title: Microsoft Excel Memory Corruption Vulnerability - CVE-2017-11878
Severity: High
Fixlet ID: 371501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3715
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11878
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10227
Severity: Medium
Fixlet ID: 371701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3717
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10227
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB) - CVE-2017-10286
Severity: Low
Fixlet ID: 372001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3720
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10286
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Serverk component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-10294
Severity: Low
Fixlet ID: 372101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3721
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10294
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS) - CVE-2017-10276
Severity: Medium
Fixlet ID: 372301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3723
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10276
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
More information about the WinVulns-Announcements
mailing list