Announce Buddy

CVE: CVE-2017-0016 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, windows_8.1 Versions: *, windows_server_2016 Versions: *, windows_rt_8.1 Versions: *, Description Language: en Description: Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in […]

CVE: CVE-2017-0015 Published: 2017-03-17T00:59Z Vendor: microsoft Products: edge Versions: -, Description Language: en Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context […]

CVE: CVE-2017-0014 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, -, office Versions: 2010, windows_8.1 Versions: *, windows_server_2008 Versions: r2, windows_server_2016 Versions: *, windows_rt_8.1 Versions: *, windows_7 Versions: *, Description Language: en Description: The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; […]

CVE: CVE-2017-0012 Published: 2017-03-17T00:59Z Vendor: microsoft Products: internet_explorer Versions: 11, edge Versions: *, Description Language: en Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka “Microsoft Browser Spoofing Vulnerability.” This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069. References: http://www.securityfocus.com/bid/96085 http://www.securitytracker.com/id/1038006 […]

CVE: CVE-2017-0011 Published: 2017-03-17T00:59Z Vendor: microsoft Products: edge Versions: *, Description Language: en Description: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka “Microsoft Edge Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. References: http://www.securityfocus.com/bid/96064 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0011

CVE: CVE-2017-0010 Published: 2017-03-17T00:59Z Vendor: microsoft Products: edge Versions: -, Description Language: en Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context […]

CVE: CVE-2017-0009 Published: 2017-03-17T00:59Z Vendor: microsoft Products: internet_explorer Versions: 9, 11, 10, Description Language: en Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and […]

CVE: CVE-2017-0008 Published: 2017-03-17T00:59Z Vendor: microsoft Products: internet_explorer Versions: 9, 11, 10, Description Language: en Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Internet Explorer Information Disclosure Vulnerability.” This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059. References: […]

CVE: CVE-2017-0007 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2016 Versions: *, Description Language: en Description: Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka “PowerShell Security Feature Bypass Vulnerability.” References: http://www.securityfocus.com/bid/96018 http://www.securitytracker.com/id/1038001 Defeating Device Guard: […]

CVE: CVE-2017-0006 Published: 2017-03-17T00:59Z Vendor: microsoft Products: office_compatibility_pack Versions: *, excel_viewer Versions: *, sharepoint_server Versions: 2007, excel Versions: 2007, Description Language: en Description: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory […]

CVE: CVE-2017-0005 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, -, windows_vista Versions: *, windows_8.1 Versions: *, windows_server_2008 Versions: r2, *, windows_rt_8.1 Versions: *, windows_7 Versions: *, Description Language: en Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 […]

CVE: CVE-2017-0001 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, -, windows_vista Versions: *, windows_8.1 Versions: *, windows_server_2008 Versions: r2, *, windows_rt_8.1 Versions: *, windows_7 Versions: *, Description Language: en Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 […]

CVE: CVE-2017-0001 Published: 2017-03-17T00:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, -, windows_vista Versions: *, windows_8.1 Versions: *, windows_server_2008 Versions: r2, *, windows_rt_8.1 Versions: *, windows_7 Versions: *, Description Language: en Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 […]

CVE: CVE-2017-0037 Published: 2017-02-26T23:59Z Vendor: microsoft Products: internet_explorer Versions: 11, edge Versions: *, Description Language: en Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token […]

CVE: CVE-2017-0038 Published: 2017-02-20T16:59Z Vendor: microsoft Products: windows_10 Versions: 1607, 1511, -, windows_server_2012 Versions: r2, -, windows_vista Versions: *, windows_8.1 Versions: *, windows_server_2008 Versions: r2, *, windows_server_2016 Versions: *, windows_rt_8.1 Versions: *, windows_7 Versions: *, Description Language: en Description: gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and […]

CVE: CVE-2017-0004 Published: 2017-01-10T21:59Z Vendor: microsoft Products: windows_vista Versions: -, windows_server_2008 Versions: r2, -, windows_7 Versions: -, Description Language: en Description: The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via […]

CVE: CVE-2017-0003 Published: 2017-01-10T21:59Z Vendor: microsoft Products: sharepoint_enterprise_server Versions: 2016, word Versions: 2016, Description Language: en Description: Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office Memory Corruption Vulnerability.” References: http://fortiguard.com/advisory/FG-VD-16-079 http://technet.microsoft.com/security/bulletin/MS17-002 http://www.securityfocus.com/bid/95287 http://www.securitytracker.com/id/1037568 http://www.securitytracker.com/id/1037569

CVE: CVE-2017-0002 Published: 2017-01-10T21:59Z Vendor: microsoft Products: edge Versions: *, Description Language: en Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka “Microsoft Edge Elevation of Privilege Vulnerability.” References: http://technet.microsoft.com/security/bulletin/MS17-001 http://www.securityfocus.com/bid/95284 http://www.securitytracker.com/id/1037573