From winvulns-announcements at bigmail.bigfix.com Wed Sep 6 05:21:05 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 6 Sep 2017 05:21:05 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 556 Published: Tue, 05 Sep 2017 23:49:49 GMT New Fixlets: ============ *************************************************************** Title: RPCoRDMA dissector infinite loop - CVE-2017-7705 Severity: High Fixlet ID: 305401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3054 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7705 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. From winvulns-announcements at bigmail.bigfix.com Fri Sep 8 05:21:02 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 8 Sep 2017 05:21:02 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 557 Published: Thu, 07 Sep 2017 21:08:02 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2017-0003 (MS17-002) Severity: High Fixlet ID: 170701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1707 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0003 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML) - CVE-2017-3244 Severity: Medium Fixlet ID: 179502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1795 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3244 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB) - CVE-2017-3257 Severity: Medium Fixlet ID: 179601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1796 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3257 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) - CVE-2017-3273 Severity: Medium Fixlet ID: 179702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1797 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3273 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. *************************************************************** Title: Vulnerability in MySQL Server 5.5.53 and earlier - CVE-2017-3243 Severity: Low Fixlet ID: 181401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1814 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3243 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-3238 Severity: Medium Fixlet ID: 182902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1829 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3238 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging) - CVE-2017-3265 Severity: Medium Fixlet ID: 183002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1830 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3265 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging) - CVE-2017-3291 Severity: Low Fixlet ID: 183101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1831 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3291 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2017-3251 Severity: Medium Fixlet ID: 183201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1832 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3251 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. *************************************************************** Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) - CVE-2017-3256 Severity: Medium Fixlet ID: 183301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1833 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3256 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. From winvulns-announcements at bigmail.bigfix.com Fri Sep 15 05:21:25 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 15 Sep 2017 05:21:25 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 558 Published: Fri, 15 Sep 2017 04:26:30 GMT New Fixlets: ============ *************************************************************** Title: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier - CVE-2017-3318 Severity: Low Fixlet ID: 181502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1815 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3318 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). *************************************************************** Title: Vulnerability in MySQL Server 5.5.53 and earlier - CVE-2017-3320 Severity: Low Fixlet ID: 181602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1816 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3320 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts). *************************************************************** Title: Vulnerability in MySQL Server 5.5.53 and earlier - CVE-2017-3319 Severity: Low Fixlet ID: 181701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1817 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3319 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). *************************************************************** Title: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier - CVE-2017-3317 Severity: Low Fixlet ID: 181901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1819 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3317 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). From winvulns-announcements at bigmail.bigfix.com Sat Sep 23 05:21:19 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Sat, 23 Sep 2017 05:21:19 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 559 Published: Fri, 22 Sep 2017 17:48:28 GMT New Fixlets: ============ *************************************************************** Title: Microsoft Office Remote Code Execution Vulnerability - CVE-2017-8570 Severity: High Fixlet ID: 273802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2738 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8570 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. *************************************************************** Title: Microsoft Office Outlook Security Feature Bypass Vulnerability - CVE-2017-8571 Severity: Medium Fixlet ID: 296901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2969 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". *************************************************************** Title: Microsoft Office Outlook Information Disclosure Vulnerability - CVE-2017-8572 Severity: Medium Fixlet ID: 297301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2973 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8572 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability". From winvulns-announcements at bigmail.bigfix.com Wed Sep 27 05:21:08 2017 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 27 Sep 2017 05:21:08 -0700 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 560 Published: Tue, 26 Sep 2017 22:59:54 GMT New Fixlets: ============ *************************************************************** Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability - CVE-2017-3038 Severity: High Fixlet ID: 307201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3072 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3038 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution. *************************************************************** Title: Microsoft Edge Spoofing Vulnerability - CVE-2017-8735 Severity: Medium Fixlet ID: 317601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3176 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8735 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. *************************************************************** Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8643 Severity: Medium Fixlet ID: 317701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3177 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8643 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. *************************************************************** Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8734 Severity: High Fixlet ID: 317801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3178 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8734 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. *************************************************************** Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8723 Severity: Medium Fixlet ID: 317902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3179 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8723 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. *************************************************************** Title: Microsoft Exchange Cross-Site Scripting Vulnerability - CVE-2017-8758 Severity: Medium Fixlet ID: 318701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3187 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8758 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." *************************************************************** Title: Microsoft Exchange Information Disclosure Vulnerability - CVE-2017-11761 Severity: Medium Fixlet ID: 318901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3189 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11761 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability". *************************************************************** Title: Win32k Information Disclosure Vulnerability - CVE-2017-8678 Severity: Low Fixlet ID: 319201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3192 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8678 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. *************************************************************** Title: Win32k Elevation of Privilege Vulnerability - CVE-2017-8675 Severity: Medium Fixlet ID: 319301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3193 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8675 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720. *************************************************************** Title: Win32k Graphics Information Disclosure Vulnerability - CVE-2017-8683 Severity: Low Fixlet ID: 319401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3194 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8683 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. *************************************************************** Title: Microsoft SharePoint Cross Site Scripting Vulnerability - CVE-2017-8745 Severity: Low Fixlet ID: 319501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3195 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8745 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". *************************************************************** Title: Win32k Information Disclosure Vulnerability - CVE-2017-8681 Severity: Low Fixlet ID: 319602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3196 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8681 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. *************************************************************** Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-8708 Severity: Low Fixlet ID: 319701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3197 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8708 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. *************************************************************** Title: Win32k Information Disclosure Vulnerability - CVE-2017-8677 Severity: Low Fixlet ID: 319801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3198 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8677 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. *************************************************************** Title: Win32k Information Disclosure Vulnerability - CVE-2017-8687 Severity: Low Fixlet ID: 319901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3199 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8687 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. *************************************************************** Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-8679 Severity: Low Fixlet ID: 320001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3200 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8679 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. *************************************************************** Title: Win32k Elevation of Privilege Vulnerability - CVE-2017-8720 Severity: High Fixlet ID: 320101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3201 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8720 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. *************************************************************** Title: Microsoft SharePoint XSS Vulnerability - CVE-2017-8629 Severity: Low Fixlet ID: 320201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3202 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8629 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". *************************************************************** Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-8709 Severity: Low Fixlet ID: 320302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3203 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8709 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. *************************************************************** Title: Win32k Information Disclosure Vulnerability - CVE-2017-8680 Severity: Low Fixlet ID: 320401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3204 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8680 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. *************************************************************** Title: Windows Kernel Information Disclosure Vulnerability - CVE-2017-8719 Severity: Low Fixlet ID: 320501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3205 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8719 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. *************************************************************** Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-11766 Severity: High Fixlet ID: 320601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3206 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11766 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. *************************************************************** Title: Microsoft Edge Remote Code Execution Vulnerability - CVE-2017-8757 Severity: High Fixlet ID: 320701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3207 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8757 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". *************************************************************** Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2017-8754 Severity: Medium Fixlet ID: 320801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3208 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8754 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. *************************************************************** Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8648 Severity: Medium Fixlet ID: 320901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3209 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8648 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. *************************************************************** Title: Windows GDI+ Information Disclosure Vulnerability - CVE-2017-8685 Severity: Low Fixlet ID: 321001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3210 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8685 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. *************************************************************** Title: Windows GDI+ Information Disclosure Vulnerability - CVE-2017-8688 Severity: Low Fixlet ID: 321101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3211 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8688 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. *************************************************************** Title: Windows GDI+ Information Disclosure Vulnerability - CVE-2017-8684 Severity: Low Fixlet ID: 321201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3212 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8684 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. *************************************************************** Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2017-8736 Severity: Medium Fixlet ID: 321301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3213 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8736 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". *************************************************************** Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2017-8597 Severity: Medium Fixlet ID: 321401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3214 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8597 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. *************************************************************** Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8751 Severity: High Fixlet ID: 321501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3215 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8751 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. *************************************************************** Title: Microsoft Edge Spoofing Vulnerability - CVE-2017-8724 Severity: Medium Fixlet ID: 321602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3216 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8724 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. *************************************************************** Title: Hyper-V Information Disclosure Vulnerability - CVE-2017-8713 Severity: Low Fixlet ID: 322301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3223 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8713 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. *************************************************************** Title: Hyper-V Information Disclosure Vulnerability - CVE-2017-8711 Severity: Low Fixlet ID: 322401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3224 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8711 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. *************************************************************** Title: Microsoft PDF Remote Code Execution Vulnerability - CVE-2017-8737 Severity: High Fixlet ID: 322601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3226 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8737 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. *************************************************************** Title: Hyper-V Denial of Service Vulnerability - CVE-2017-8704 Severity: Medium Fixlet ID: 322701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3227 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8704 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". *************************************************************** Title: Microsoft PDF Remote Code Execution Vulnerability - CVE-2017-8728 Severity: High Fixlet ID: 322901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3229 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8728 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. *************************************************************** Title: Hyper-V Information Disclosure Vulnerability - CVE-2017-8712 Severity: Low Fixlet ID: 323001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3230 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8712 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. *************************************************************** Title: Hyper-V Information Disclosure Vulnerability - CVE-2017-8706 Severity: Low Fixlet ID: 323101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3231 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8706 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. *************************************************************** Title: Hyper-V Information Disclosure Vulnerability - CVE-2017-8707 Severity: Low Fixlet ID: 323201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3232 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8707 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8741 Severity: High Fixlet ID: 323601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3236 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8741 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: NetBIOS Remote Code Execution Vulnerability - CVE-2017-0161 Severity: Medium Fixlet ID: 323701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3237 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0161 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". *************************************************************** Title: Broadcom BCM43xx Remote Code Execution Vulnerability - CVE-2017-9417 Severity: High Fixlet ID: 323801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3238 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9417 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8649 Severity: High Fixlet ID: 324001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3240 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8649 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11764 Severity: High Fixlet ID: 324101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3241 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11764 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8748 Severity: High Fixlet ID: 324202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3242 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8748 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2017-8750 Severity: High Fixlet ID: 324301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3243 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8750 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". *************************************************************** Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-8731 Severity: High Fixlet ID: 324401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3244 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8731 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8738 Severity: High Fixlet ID: 324501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3245 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8738 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-8739 Severity: Medium Fixlet ID: 324601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3246 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8739 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8752 Severity: High Fixlet ID: 324701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3247 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8752 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-8660 Severity: High Fixlet ID: 324801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3248 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8660 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. *************************************************************** Title: Internet Explorer Memory Corruption Vulnerability - CVE-2017-8749 Severity: High Fixlet ID: 325301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3253 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8749 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. *************************************************************** Title: Internet Explorer Spoofing Vulnerability - CVE-2017-8733 Severity: Medium Fixlet ID: 325401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3254 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8733 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". *************************************************************** Title: Internet Explorer Memory Corruption Vulnerability - CVE-2017-8747 Severity: High Fixlet ID: 325501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3255 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8747 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. *************************************************************** Title: Windows Elevation of Privilege Vulnerability - CVE-2017-8702 Severity: Medium Fixlet ID: 325601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3256 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8702 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". *************************************************************** Title: Windows Information Disclosure Vulnerability - CVE-2017-8710 Severity: Medium Fixlet ID: 325701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3257 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8710 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". *************************************************************** Title: Microsoft Bluetooth Driver Spoofing Vulnerability - CVE-2017-8628 Severity: Medium Fixlet ID: 325801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3258 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8628 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".