[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Wed Apr 18 05:21:23 PDT 2018
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 582 Published: Tue, 17 Apr 2018 17:37:21 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in the MySQL Server - CVE-2017-3732
Severity: Medium
Fixlet ID: 304501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3045
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3732
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server. Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL)) - CVE-2017-3737
Severity: Medium
Fixlet ID: 400101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4001
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3737
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL)).
***************************************************************
Title: Integer underflow in WebAssembly - CVE-2018-6036
Severity: <Unspecified>
Fixlet ID: 407401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4074
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer underflow in WebAssembly.
***************************************************************
Title: Insufficient isolation of devtools from extensions - CVE-2018-6046
Severity: <Unspecified>
Fixlet ID: 408401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4084
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient isolation of devtools from extensions.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0834
Severity: High
Fixlet ID: 410601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4106
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0834
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0839
Severity: Medium
Fixlet ID: 410901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4109
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0839
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0835
Severity: High
Fixlet ID: 412101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4121
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0835
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0859
Severity: High
Fixlet ID: 412301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4123
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0859
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0809
Severity: Medium
Fixlet ID: 412501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4125
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0809
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0820 and CVE-2018-0843.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0810
Severity: Low
Fixlet ID: 412701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4127
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0810
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0860
Severity: High
Fixlet ID: 412801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4128
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0860
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0861
Severity: High
Fixlet ID: 412901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4129
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0861
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0837
Severity: High
Fixlet ID: 413001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4130
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0837
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0838
Severity: High
Fixlet ID: 413101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4131
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0838
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0858
Severity: High
Fixlet ID: 413201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4132
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0858
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0842
Severity: Medium
Fixlet ID: 413401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4134
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0831
Severity: Medium
Fixlet ID: 413601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4136
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0831
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0820
Severity: Medium
Fixlet ID: 413801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4138
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0820
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0832
Severity: Low
Fixlet ID: 413901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4139
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0832
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0840
Severity: High
Fixlet ID: 414001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4140
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0840
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Windows EOT Font Engine Information Disclosure Vulnerability - CVE-2018-0761
Severity: Low
Fixlet ID: 414301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4143
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0761
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".
***************************************************************
Title: Windows EOT Font Engine Information Disclosure Vulnerability - CVE-2018-0755
Severity: Low
Fixlet ID: 414501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4145
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0755
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability"
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0864
Severity: Low
Fixlet ID: 414701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4147
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0864
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0869
Severity: Low
Fixlet ID: 415401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4154
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0869
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4915
Severity: Medium
Fixlet ID: 416001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4160
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4915
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2018-0844
Severity: Medium
Fixlet ID: 416201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4162
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0844
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability".
***************************************************************
Title: Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability - CVE-2018-0823
Severity: Medium
Fixlet ID: 416301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4163
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0823
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0821
Severity: Medium
Fixlet ID: 416401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4164
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0821
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
***************************************************************
Title: Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability - CVE-2018-0822
Severity: Medium
Fixlet ID: 416501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4165
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0822
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0833
Severity: Medium
Fixlet ID: 416701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4167
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0833
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".
***************************************************************
Title: Windows Storage Services Elevation of Privilege Vulnerability - CVE-2018-0826
Severity: Medium
Fixlet ID: 416902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4169
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0826
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0847
Severity: Medium
Fixlet ID: 417101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4171
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0847
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0757
Severity: Low
Fixlet ID: 417301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4173
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0757
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4908
Severity: Medium
Fixlet ID: 458801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4588
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4908
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4900
Severity: Medium
Fixlet ID: 458901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4589
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4900
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4906
Severity: Medium
Fixlet ID: 459302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4593
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4906
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4899
Severity: Medium
Fixlet ID: 459401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4594
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4899
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4903
Severity: Medium
Fixlet ID: 459501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4595
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4903
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4894
Severity: Medium
Fixlet ID: 459601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4596
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4894
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4897
Severity: Medium
Fixlet ID: 459701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4597
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4897
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4916
Severity: Medium
Fixlet ID: 460101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4601
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4916
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4880
Severity: Medium
Fixlet ID: 460301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4603
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4880
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4885
Severity: Medium
Fixlet ID: 461701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4617
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4885
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4891
Severity: Medium
Fixlet ID: 461801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4618
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4891
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4889
Severity: Medium
Fixlet ID: 462101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4621
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: A use-after-free vulnerability in Adobe Flash Player 28.0.0.137 and earlier versions - CVE-2018-4877
Severity: High
Fixlet ID: 462301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4623
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4877
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. .
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4909
Severity: Medium
Fixlet ID: 462401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4624
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4909
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4912
Severity: Medium
Fixlet ID: 462501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4625
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4912
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4914
Severity: Medium
Fixlet ID: 462601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4626
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4914
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0897
Severity: Low
Fixlet ID: 463901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4639
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0897
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0894
Severity: Low
Fixlet ID: 464101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4641
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0894
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0898
Severity: Low
Fixlet ID: 464201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4642
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0898
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0896
Severity: Low
Fixlet ID: 464301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4643
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0896
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0904
Severity: Low
Fixlet ID: 464401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4644
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0904
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0813
Severity: Low
Fixlet ID: 464501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4645
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0813
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0900
Severity: Low
Fixlet ID: 464701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4647
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0900
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0895
Severity: Low
Fixlet ID: 464901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4649
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0895
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows GDI Elevation of Privilege Vulnerability - CVE-2018-0815
Severity: Medium
Fixlet ID: 465201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4652
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0815
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0814
Severity: Low
Fixlet ID: 465301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4653
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0814
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Installer Elevation of Privilege Vulnerability - CVE-2018-0868
Severity: Medium
Fixlet ID: 465401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4654
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0868
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability".
***************************************************************
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4895
Severity: High
Fixlet ID: 466001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4660
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4895
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4872
Severity: High
Fixlet ID: 466501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4665
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4872
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
***************************************************************
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4898
Severity: Medium
Fixlet ID: 466901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4669
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4898
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4892
Severity: Medium
Fixlet ID: 467001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4670
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4892
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0921
Severity: Medium
Fixlet ID: 467402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4674
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0921
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
***************************************************************
Title: Use-after-free write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4902
Severity: Medium
Fixlet ID: 467801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4678
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4902
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4911
Severity: Medium
Fixlet ID: 468201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4682
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4911
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
***************************************************************
Title: Heap Overflow write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4904
Severity: Medium
Fixlet ID: 468401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4684
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4904
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0893
Severity: High
Fixlet ID: 469001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4690
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0893
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0933
Severity: High
Fixlet ID: 469101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4691
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0933
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0937
Severity: High
Fixlet ID: 469301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4693
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0937
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0936
Severity: High
Fixlet ID: 469501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4695
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0936
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0874
Severity: High
Fixlet ID: 469601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4696
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0874
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0931
Severity: High
Fixlet ID: 469801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4698
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0931
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0876
Severity: High
Fixlet ID: 469901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4699
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0876
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0934
Severity: High
Fixlet ID: 470001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4700
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0934
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Microsoft Video Control Elevation of Privilege Vulnerability - CVE-2018-0883
Severity: High
Fixlet ID: 470501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4705
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0883
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".
***************************************************************
Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2018-0927
Severity: Medium
Fixlet ID: 472401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4724
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0927
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
***************************************************************
Title: Internet Explorer Information Disclosure Vulnerability - CVE-2018-0929
Severity: Medium
Fixlet ID: 472501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4725
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0929
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
***************************************************************
Title: Microsoft Office Memory Corruption Vulnerability - CVE-2018-0922
Severity: High
Fixlet ID: 475101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4751
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0922
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
***************************************************************
Title: Microsoft Access Remote Code Execution Vulnerability - CVE-2018-0903
Severity: Medium
Fixlet ID: 475201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4752
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0903
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".
***************************************************************
Title: Use after free in Flash - CVE-2017-11215
Severity: High
Fixlet ID: 485301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4853
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11215
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Flash.
***************************************************************
Title: URL Spoof in OmniBox - CVE-2018-6078
Severity: <Unspecified>
Fixlet ID: 485401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4854
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6078
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL Spoof in OmniBox.
***************************************************************
Title: Timing attack using SVG filters - CVE-2018-6077
Severity: <Unspecified>
Fixlet ID: 485501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4855
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6077
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Timing attack using SVG filters.
***************************************************************
Title: Information disclosure via texture data in WebGL - CVE-2018-6079
Severity: <Unspecified>
Fixlet ID: 485601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4856
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6079
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Information disclosure via texture data in WebGL.
More information about the WinVulns-Announcements
mailing list