CVE-2017-0082

CVE: CVE-2017-0082
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1511, -,
Description Language: en
Description: The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081.
References:
http://www.securityfocus.com/bid/96635
http://www.securitytracker.com/id/1038017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0082

CVE-2017-0081

CVE: CVE-2017-0081
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_8.1
Versions: *,
windows_server_2016
Versions: *,
windows_rt_8.1
Versions: *,
Description Language: en
Description: The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082.
References:
http://www.securityfocus.com/bid/96634
http://www.securitytracker.com/id/1038017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0081

CVE-2017-0080

CVE: CVE-2017-0080
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2016
Versions: *,
Description Language: en
Description: The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082.
References:
http://www.securityfocus.com/bid/96633
http://www.securitytracker.com/id/1038017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0080

CVE-2017-0079

CVE: CVE-2017-0079
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
Description Language: en
Description: The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.
References:
http://www.securityfocus.com/bid/96632
http://www.securitytracker.com/id/1038017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0079

CVE-2017-0078

CVE: CVE-2017-0078
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_8.1
Versions: *,
windows_server_2016
Versions: *,
windows_rt_8.1
Versions: *,
Description Language: en
Description: The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.
References:
http://www.securityfocus.com/bid/96631
http://www.securitytracker.com/id/1038017
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0078

CVE-2017-0076

CVE: CVE-2017-0076
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, *, 1511,
windows_server_2012
Versions: r2, *,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: *, r2,
windows_server_2016
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka “Hyper-V Denial of Service Vulnerability.” This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.
References:
http://www.securityfocus.com/bid/96636
http://www.securitytracker.com/id/1037999
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0076

CVE-2017-0075

CVE: CVE-2017-0075
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: r2, *,
windows_server_2016
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka “Hyper-V Remote Code Execution Vulnerability.” This vulnerability is different from that described in CVE-2017-0109.
References:
http://www.securityfocus.com/bid/96698
http://www.securitytracker.com/id/1037999
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0075

CVE-2017-0074

CVE: CVE-2017-0074
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, *, 1511,
windows_server_2012
Versions: r2, *,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: *, r2,
windows_server_2016
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka “Hyper-V Denial of Service Vulnerability.” This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.
References:
http://www.securityfocus.com/bid/96641
http://www.securitytracker.com/id/1037999
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0074

CVE-2017-0073

CVE: CVE-2017-0073
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: r2, *,
windows_rt_8.1
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Windows GDI+ Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
References:
http://www.securityfocus.com/bid/96637
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073

CVE-2017-0072

CVE: CVE-2017-0072
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_vista
Versions: *,
windows_server_2008
Versions: r2, *,
windows_7
Versions: *,
Description Language: en
Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka “Uniscribe Remote Code Execution Vulnerability.” This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
References:
http://www.securityfocus.com/bid/96599
http://www.securitytracker.com/id/1037992
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0072
https://www.exploit-db.com/exploits/41654/

CVE-2017-0071

CVE: CVE-2017-0071
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
References:
http://www.securityfocus.com/bid/96681
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0071

CVE-2017-0070

CVE: CVE-2017-0070
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
References:
http://www.securityfocus.com/bid/96690
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0070
https://www.exploit-db.com/exploits/41623/

CVE-2017-0069

CVE: CVE-2017-0069
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: *,
Description Language: en
Description: Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka “Microsoft Edge Spoofing Vulnerability.” This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033.
References:
http://www.securityfocus.com/bid/96650
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0069

CVE-2017-0068

CVE: CVE-2017-0068
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: *,
Description Language: en
Description: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Microsoft Edge Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065.
References:
http://www.securityfocus.com/bid/96649
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0068

CVE-2017-0067

CVE: CVE-2017-0067
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151.
References:
http://www.securityfocus.com/bid/96662
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0067

CVE-2017-0066

CVE: CVE-2017-0066
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: *,
Description Language: en
Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka “Microsoft Edge Security Feature Bypass Vulnerability.” This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
References:
http://www.securityfocus.com/bid/96655
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066

CVE-2017-0065

CVE: CVE-2017-0065
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: edge
Versions: *,
Description Language: en
Description: Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Microsoft Browser Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068.
References:
http://www.securityfocus.com/bid/96648
http://www.securitytracker.com/id/1038006
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0065

CVE-2017-0063

CVE: CVE-2017-0063
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: r2, *,
windows_server_2016
Versions: *,
windows_rt_8.1
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka “Microsoft Color Management Information Disclosure Vulnerability.” This vulnerability is different from that described in CVE-2017-0061.
References:
http://www.securityfocus.com/bid/96643
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0063
https://www.exploit-db.com/exploits/41659/

CVE-2017-0062

CVE: CVE-2017-0062
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_10
Versions: 1607, 1511, -,
windows_server_2012
Versions: r2, -,
windows_vista
Versions: *,
windows_8.1
Versions: *,
windows_server_2008
Versions: r2, *,
windows_rt_8.1
Versions: *,
windows_7
Versions: *,
Description Language: en
Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “GDI+ Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.
References:
http://www.securityfocus.com/bid/96715
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0062
https://www.exploit-db.com/exploits/41658/

CVE-2017-0061

CVE: CVE-2017-0061
Published: 2017-03-17T00:59Z
Vendor: microsoft
Products: windows_vista
Versions: *,
windows_server_2008
Versions: r2, *,
windows_7
Versions: *,
Description Language: en
Description: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka “Microsoft Color Management Information Disclosure Vulnerability.” This vulnerability is different from that described in CVE-2017-0063.
References:
http://www.securityfocus.com/bid/96638
http://www.securitytracker.com/id/1038002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0061
https://www.exploit-db.com/exploits/41657/