[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Apr 20 05:21:35 PDT 2018
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 583 Published: Thu, 19 Apr 2018 18:23:04 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Word Memory Corruption Vulnerability - CVE-2018-0797
Severity: High
Fixlet ID: 390101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3901
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0797
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
***************************************************************
Title: Mixed content blocking incorrectly applies with redirects - CVE-2017-7835
Severity: <Unspecified>
Fixlet ID: 397401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3974
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7835
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.
***************************************************************
Title: Web worker in Private Browsing mode can write IndexedDB data - CVE-2017-7843
Severity: <Unspecified>
Fixlet ID: 400201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4002
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7843
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting.
***************************************************************
Title: Cross-origin URL information leak through Resource Timing API - CVE-2017-7830
Severity: <Unspecified>
Fixlet ID: 400901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4009
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7830
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users.
***************************************************************
Title: Integer overflow in Blink - CVE-2018-6034
Severity: <Unspecified>
Fixlet ID: 406901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4069
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in Blink.
***************************************************************
Title: Incomplete no-referrer policy implementation - CVE-2018-6052
Severity: <Unspecified>
Fixlet ID: 407101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4071
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6052
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incomplete no-referrer policy implementation.
***************************************************************
Title: URL spoof in OmniBox - CVE-2018-6042
Severity: <Unspecified>
Fixlet ID: 407602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4076
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoof in OmniBox.
***************************************************************
Title: URL spoof in OmniBox - CVE-2018-6050
Severity: <Unspecified>
Fixlet ID: 407801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4078
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6050
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoof in OmniBox.
***************************************************************
Title: Content security policy bypass - CVE-2018-6040
Severity: <Unspecified>
Fixlet ID: 408001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4080
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6040
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Content security policy bypass.
***************************************************************
Title: Insufficient isolation of devtools from extensions - CVE-2018-6035
Severity: <Unspecified>
Fixlet ID: 408201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4082
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6035
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient isolation of devtools from extensions.
***************************************************************
Title: Referrer leak in XSS Auditor - CVE-2018-6051
Severity: <Unspecified>
Fixlet ID: 408701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4087
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6051
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Referrer leak in XSS Auditor.
***************************************************************
Title: Use after free in PDFium - CVE-2018-6031
Severity: <Unspecified>
Fixlet ID: 408901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4089
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6031
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in PDFium.
***************************************************************
Title: URL spoof in Navigation - CVE-2018-6041
Severity: <Unspecified>
Fixlet ID: 409101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4091
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoof in Navigation.
***************************************************************
Title: Background network requests can open HTTP authentication in unrelated foreground tabs - CVE-2018-5115
Severity: <Unspecified>
Fixlet ID: 409801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4098
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5115
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site.
***************************************************************
Title: Potential integer overflow in DoCrypt - CVE-2018-5122
Severity: <Unspecified>
Fixlet ID: 410001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4100
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5122
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A potential integer overflow in the DoCrypt function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write.
***************************************************************
Title: Reader view will load cross-origin content in violation of CORS headers - CVE-2018-5119
Severity: <Unspecified>
Fixlet ID: 410201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4102
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5119
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view.
***************************************************************
Title: Microsoft Edge Security Feature Bypass Vulnerability - CVE-2018-0771
Severity: Medium
Fixlet ID: 410701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4107
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0771
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0763
Severity: Low
Fixlet ID: 410801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4108
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0763
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0857
Severity: High
Fixlet ID: 412201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4122
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0857
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0836
Severity: High
Fixlet ID: 412401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4124
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0836
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0856
Severity: High
Fixlet ID: 412601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4126
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0856
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0829
Severity: Low
Fixlet ID: 413301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4133
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0829
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0830
Severity: Low
Fixlet ID: 413501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4135
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0830
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0832.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0843
Severity: Low
Fixlet ID: 413701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4137
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0843
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0820.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0866
Severity: High
Fixlet ID: 414101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4141
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0866
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.
***************************************************************
Title: Windows EOT Font Engine Information Disclosure Vulnerability - CVE-2018-0855
Severity: Medium
Fixlet ID: 414201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4142
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0855
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".
***************************************************************
Title: Windows EOT Font Engine Information Disclosure Vulnerability - CVE-2018-0760
Severity: Low
Fixlet ID: 414401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4144
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0760
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability".
***************************************************************
Title: Integer overflow in Skia library during edge builder allocation - CVE-2018-5095
Severity: <Unspecified>
Fixlet ID: 415801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4158
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5095
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash.
***************************************************************
Title: Use-after-free with DTMF timers - CVE-2018-5091
Severity: <Unspecified>
Fixlet ID: 415901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4159
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash.
***************************************************************
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability - CVE-2018-0846
Severity: Medium
Fixlet ID: 416101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4161
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0846
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability".
***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0828
Severity: Medium
Fixlet ID: 416601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4166
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0828
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".
***************************************************************
Title: StructuredQuery Remote Code Execution Vulnerability - CVE-2018-0825
Severity: High
Fixlet ID: 416801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4168
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0825
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".
***************************************************************
Title: Windows Security Feature Bypass Vulnerability - CVE-2018-0827
Severity: Medium
Fixlet ID: 417001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4170
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0827
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability".
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0756
Severity: Medium
Fixlet ID: 417201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4172
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0756
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.
***************************************************************
Title: Windows Kernel Elevation of Privilege Vulnerability - CVE-2018-0742
Severity: Medium
Fixlet ID: 417401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4174
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0742
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0756. CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4896
Severity: Medium
Fixlet ID: 459001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4590
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4896
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4905
Severity: Medium
Fixlet ID: 459101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4591
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4905
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4907
Severity: Medium
Fixlet ID: 459202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4592
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4907
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4883
Severity: Medium
Fixlet ID: 459901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4599
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4883
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4882
Severity: Medium
Fixlet ID: 460201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4602
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4882
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4881
Severity: Medium
Fixlet ID: 460401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4604
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4881
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4886
Severity: Medium
Fixlet ID: 461601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4616
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4886
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4884
Severity: Medium
Fixlet ID: 461901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4619
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4884
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4887
Severity: Medium
Fixlet ID: 462001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4620
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4887
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier - CVE-2018-4893
Severity: Medium
Fixlet ID: 462201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4622
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4893
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure.
***************************************************************
Title: Windows GDI Elevation of Privilege Vulnerability - CVE-2018-0817
Severity: Medium
Fixlet ID: 464001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4640
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0817
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.
***************************************************************
Title: Windows GDI Elevation of Privilege Vulnerability - CVE-2018-0816
Severity: Medium
Fixlet ID: 464601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4646
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0816
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0899
Severity: Low
Fixlet ID: 464801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4648
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0899
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0811
Severity: Low
Fixlet ID: 465001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4650
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0811
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0901
Severity: Low
Fixlet ID: 465101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4651
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0901
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0923
Severity: Medium
Fixlet ID: 466101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4661
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0923
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947.
***************************************************************
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4913
Severity: Medium
Fixlet ID: 466201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4662
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4913
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Type Confusion (RCE) vulnerability in Adobe Flash Player before 29.0.0.113 - CVE-2018-4920
Severity: <Unspecified>
Fixlet ID: 466601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4666
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4920
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Type Confusion (RCE) vulnerability in Adobe Flash Player before 29.0.0.113
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0917
Severity: Medium
Fixlet ID: 466801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4668
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0917
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
***************************************************************
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4879
Severity: High
Fixlet ID: 467601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4676
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4879
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4901
Severity: Medium
Fixlet ID: 467701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4677
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4901
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
***************************************************************
Title: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4890
Severity: Medium
Fixlet ID: 467901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4679
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4890
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack.
***************************************************************
Title: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4910
Severity: Medium
Fixlet ID: 468101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4681
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4910
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
***************************************************************
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions - CVE-2018-4888
Severity: Medium
Fixlet ID: 468601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4686
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4888
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution.
***************************************************************
Title: Windows Desktop Bridge VFS Elevation of Privilege Vulnerability - CVE-2018-0877
Severity: High
Fixlet ID: 468801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4688
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0877
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0872
Severity: High
Fixlet ID: 469201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4692
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0872
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0925
Severity: High
Fixlet ID: 469401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4694
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0925
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0930
Severity: High
Fixlet ID: 469701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4697
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0930
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0873
Severity: High
Fixlet ID: 470101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4701
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0873
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0939
Severity: Medium
Fixlet ID: 470202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4702
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0939
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891.
***************************************************************
Title: Hyper-V Information Disclosure Vulnerability - CVE-2018-0888
Severity: Medium
Fixlet ID: 470401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4704
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0888
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability".
***************************************************************
Title: Windows Remote Assistance Information Disclosure Vulnerability - CVE-2018-0878
Severity: Low
Fixlet ID: 470602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4706
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0878
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0935
Severity: High
Fixlet ID: 471901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4719
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0935
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0889
Severity: High
Fixlet ID: 472001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4720
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0889
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0891
Severity: Medium
Fixlet ID: 472101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4721
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0891
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939.
***************************************************************
Title: Internet Explorer Elevation of Privilege Vulnerability - CVE-2018-0942
Severity: Low
Fixlet ID: 472201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4722
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0942
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability".
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0879
Severity: Medium
Fixlet ID: 472301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4723
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0879
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
***************************************************************
Title: Microsoft Browser Information Disclosure Vulnerability - CVE-2018-0932
Severity: Medium
Fixlet ID: 472602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4726
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0932
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
***************************************************************
Title: Windows Kernel Information Disclosure Vulnerability - CVE-2018-0926
Severity: Low
Fixlet ID: 472701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4727
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0926
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.
***************************************************************
Title: Use after free in Blink - CVE-2018-6060
Severity: <Unspecified>
Fixlet ID: 472901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4729
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6060
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Blink.
***************************************************************
Title: Incorrect permissions on shared memory - CVE-2018-6063
Severity: <Unspecified>
Fixlet ID: 473002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4730
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6063
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect permissions on shared memory.
***************************************************************
Title: Incorrect permissions on shared memory - CVE-2018-6057
Severity: <Unspecified>
Fixlet ID: 473301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4733
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6057
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect permissions on shared memory.
***************************************************************
Title: Integer overflow in V8 - CVE-2018-6065
Severity: <Unspecified>
Fixlet ID: 473501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4735
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6065
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in V8.
***************************************************************
Title: Heap buffer overflow in Skia - CVE-2018-6062
Severity: <Unspecified>
Fixlet ID: 473601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4736
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6062
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap buffer overflow in Skia.
***************************************************************
Title: Microsoft Exchange Elevation of Privilege Vulnerability - CVE-2018-0941
Severity: Medium
Fixlet ID: 475701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4757
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0941
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924.
***************************************************************
Title: Incorrect processing of AppManifests - CVE-2018-6083
Severity: <Unspecified>
Fixlet ID: 485001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4850
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6083
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Incorrect processing of AppManifests.
***************************************************************
Title: Circumvention of port blocking - CVE-2018-6082
Severity: <Unspecified>
Fixlet ID: 485101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4851
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6082
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Circumvention of port blocking.
***************************************************************
Title: Use after free in Flash - CVE-2017-11225
Severity: High
Fixlet ID: 485201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4852
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11225
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in Flash.
***************************************************************
Title: Information disclosure in IPC call - CVE-2018-6080
Severity: <Unspecified>
Fixlet ID: 485701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4857
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6080
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Information disclosure in IPC call.
***************************************************************
Title: XSS in interstitials - CVE-2018-6081
Severity: <Unspecified>
Fixlet ID: 485801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4858
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6081
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: XSS in interstitials.
More information about the WinVulns-Announcements
mailing list