From winvulns-announcements at bigmail.bigfix.com Wed Jan 3 05:21:08 2018 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Wed, 3 Jan 2018 05:21:08 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 575 Published: Tue, 02 Jan 2018 19:12:37 GMT New Fixlets: ============ *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11909 Severity: High Fixlet ID: 378901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3789 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11909 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11913 Severity: High Fixlet ID: 379001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3790 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11913 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11908 Severity: High Fixlet ID: 379101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3791 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11908 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11914 Severity: High Fixlet ID: 379201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3792 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11914 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-11919 Severity: Low Fixlet ID: 379301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3793 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11919 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11918 Severity: High Fixlet ID: 379401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3794 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11918 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11916 Severity: High Fixlet ID: 379501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3795 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11916 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11912 Severity: High Fixlet ID: 379601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3796 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11912 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11910 Severity: High Fixlet ID: 379701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3797 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11910 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11930 Severity: High Fixlet ID: 379801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3798 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11930 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11911 Severity: High Fixlet ID: 379901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3799 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11911 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Microsoft Edge Memory Corruption Vulnerability - CVE-2017-11888 Severity: Fixlet ID: 380001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3800 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11888 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". *************************************************************** Title: Microsoft Windows Information Disclosure Vulnerability - CVE-2017-11927 Severity: Medium Fixlet ID: 380101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3801 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11927 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability". *************************************************************** Title: Microsoft Windows Security Feature Bypass Vulnerability - CVE-2017-11899 Severity: Fixlet ID: 380201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3802 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11899 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11889 Severity: High Fixlet ID: 381601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3816 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11889 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11895 Severity: High Fixlet ID: 381801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3818 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11895 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11886 Severity: High Fixlet ID: 382101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3821 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11886 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. From winvulns-announcements at bigmail.bigfix.com Tue Jan 9 05:21:20 2018 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Tue, 9 Jan 2018 05:21:20 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 576 Published: Tue, 09 Jan 2018 00:28:36 GMT New Fixlets: ============ *************************************************************** Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2017-11936 Severity: High Fixlet ID: 380701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3807 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11936 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". *************************************************************** Title: Windows RRAS Service Remote Code Execution Vulnerability - CVE-2017-11885 Severity: High Fixlet ID: 380801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3808 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11885 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". *************************************************************** Title: Microsoft Exchange Spoofing Vulnerability - CVE-2017-11932 Severity: Medium Fixlet ID: 381002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3810 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11932 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11901 Severity: High Fixlet ID: 381101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3811 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11901 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11890 Severity: High Fixlet ID: 381201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3812 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11890 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11907 Severity: High Fixlet ID: 381301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3813 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11907 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11905 Severity: High Fixlet ID: 381401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3814 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11905 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-11887 Severity: Low Fixlet ID: 381501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3815 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11887 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919. *************************************************************** Title: Scripting Engine Information Disclosure Vulnerability - CVE-2017-11906 Severity: Low Fixlet ID: 381702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3817 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11906 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11893 Severity: High Fixlet ID: 381901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3819 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11893 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2017-11903 Severity: High Fixlet ID: 382001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3820 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11903 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. *************************************************************** Title: Cumulative Security Update for Internet Explorer - CVE-2015-2444 Severity: High Fixlet ID: 383301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3833 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2444 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442. From winvulns-announcements at bigmail.bigfix.com Fri Jan 19 05:21:22 2018 From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages) Date: Fri, 19 Jan 2018 05:21:22 -0800 Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems' Message-ID: Fixlet Site - 'Vulnerabilities to Windows Systems' Current Version: 577 Published: Thu, 18 Jan 2018 19:22:03 GMT New Fixlets: ============ *************************************************************** Title: Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability - CVE-2018-0790 Severity: Fixlet ID: 384901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3849 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0790 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. *************************************************************** Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-0789 Severity: Fixlet ID: 385001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3850 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0789 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. *************************************************************** Title: Microsoft Outlook Remote Code Execution Vulnerability - CVE-2018-0793 Severity: Fixlet ID: 385102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3851 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0793 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. *************************************************************** Title: Microsoft Outlook Remote Code Execution Vulnerability - CVE-2018-0791 Severity: Fixlet ID: 385201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3852 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0773 Severity: Fixlet ID: 385301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3853 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0773 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0767 Severity: Fixlet ID: 385401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3854 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0767 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0781 Severity: Fixlet ID: 385501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3855 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0781 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0776 Severity: Fixlet ID: 385601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3856 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0776 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0778 Severity: High Fixlet ID: 385701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3857 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0778 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0777 Severity: Fixlet ID: 385801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3858 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0777 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0772 Severity: Fixlet ID: 385901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3859 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Security Feature Bypass - CVE-2018-0818 Severity: Fixlet ID: 386001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3860 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0818 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass". *************************************************************** Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0766 Severity: Fixlet ID: 386101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3861 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0766 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0769 Severity: Fixlet ID: 386201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3862 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0769 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0758 Severity: Fixlet ID: 386301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3863 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0758 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0770 Severity: Fixlet ID: 386401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3864 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0770 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0774 Severity: Fixlet ID: 386501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3865 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0774 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0768 Severity: Fixlet ID: 386601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3866 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0768 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0775 Severity: Fixlet ID: 386701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3867 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0775 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Microsoft Edge Elevation of Privilege Vulnerability - CVE-2018-0803 Severity: Fixlet ID: 386801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3868 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0803 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability". *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0762 Severity: Fixlet ID: 386901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3869 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. *************************************************************** Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0780 Severity: Fixlet ID: 387001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3870 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0780 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. *************************************************************** Title: Microsoft Color Management Information Disclosure Vulnerability - CVE-2018-0741 Severity: Fixlet ID: 387101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3871 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0741 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability". *************************************************************** Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability - CVE-2018-0743 Severity: Fixlet ID: 387202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3872 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0743 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". *************************************************************** Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0744 Severity: Fixlet ID: 388202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3882 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0744 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". *************************************************************** Title: Windows Information Disclosure Vulnerability - CVE-2018-0746 Severity: Low Fixlet ID: 388301 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3883 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0746 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747. *************************************************************** Title: Windows Information Disclosure Vulnerability - CVE-2018-0747 Severity: Low Fixlet ID: 388401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3884 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0747 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. *************************************************************** Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0748 Severity: Medium Fixlet ID: 388501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3885 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0748 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". *************************************************************** Title: Windows Information Disclosure Vulnerability - CVE-2018-0745 Severity: Low Fixlet ID: 388601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3886 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0745 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747. *************************************************************** Title: Microsoft Word Remote Code Execution Vulnerability - CVE-2018-0794 Severity: Fixlet ID: 388701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3887 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0794 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792. *************************************************************** Title: Microsoft Word Remote Code Execution Vulnerability - CVE-2018-0792 Severity: Fixlet ID: 388801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3888 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0792 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794. *************************************************************** Title: Microsoft Access Tampering Vulnerability - CVE-2018-0799 Severity: Fixlet ID: 389701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3897 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0799 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". *************************************************************** Title: Microsoft Excel Remote Code Execution Vulnerability - CVE-2018-0796 Severity: Fixlet ID: 389901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3899 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0796 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".