CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2251 CVE-2017-0406 119 Exec Code Overflow Mem. Corr. 2017-02-08 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.
2252 CVE-2017-0405 119 Exec Code Overflow Mem. Corr. 2017-02-08 2017-07-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359.
2253 CVE-2017-0387 264 Exec Code +Priv 2017-01-12 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278.
2254 CVE-2017-0386 264 Exec Code +Priv 2017-01-12 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299.
2255 CVE-2017-0385 264 Exec Code +Priv 2017-01-12 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400.
2256 CVE-2017-0384 264 Exec Code +Priv 2017-01-12 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626.
2257 CVE-2017-0383 264 Exec Code +Priv 2017-01-12 2017-01-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614.
2258 CVE-2017-0381 119 Overflow 2017-01-12 2017-10-23
9.3
None Remote Medium Not required Complete Complete Complete
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
2259 CVE-2017-0359 254 2018-04-13 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
2260 CVE-2017-0340 264 Exec Code Mem. Corr. 2017-07-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340.
2261 CVE-2017-0338 264 Exec Code 2017-03-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33057977. References: N-CVE-2017-0338.
2262 CVE-2017-0337 264 Exec Code 2017-03-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-31992762. References: N-CVE-2017-0337.
2263 CVE-2017-0335 264 Exec Code 2017-03-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33043375. References: N-CVE-2017-0335.
2264 CVE-2017-0333 264 Exec Code 2017-03-07 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33899363. References: N-CVE-2017-0333.
2265 CVE-2017-0331 264 Exec Code 2017-05-02 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.
2266 CVE-2017-0307 264 Exec Code 2017-03-07 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307.
2267 CVE-2017-0306 264 Exec Code 2017-03-07 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306.
2268 CVE-2017-0294 19 Exec Code 2017-06-14 2017-06-26
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability".
2269 CVE-2017-0292 284 Exec Code 2017-06-14 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291.
2270 CVE-2017-0291 284 Exec Code 2017-06-14 2017-06-26
9.3
None Remote Medium Not required Complete Complete Complete
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292.
2271 CVE-2017-0290 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
2272 CVE-2017-0283 264 Exec Code 2017-06-14 2017-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
2273 CVE-2017-0281 19 Exec Code 2017-05-12 2017-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
2274 CVE-2017-0272 19 Exec Code 2017-05-12 2018-03-27
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.
2275 CVE-2017-0265 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.
2276 CVE-2017-0264 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.
2277 CVE-2017-0262 19 Exec Code 2017-05-12 2017-05-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.
2278 CVE-2017-0261 20 Exec Code 2017-05-12 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.
2279 CVE-2017-0260 284 Exec Code 2017-06-14 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.
2280 CVE-2017-0254 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
2281 CVE-2017-0250 119 Exec Code Overflow 2017-08-08 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".
2282 CVE-2017-0243 119 Exec Code Overflow 2017-07-11 2017-07-20
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.
2283 CVE-2017-0199 284 Exec Code 2017-04-12 2018-03-27
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
2284 CVE-2017-0197 20 Exec Code 2017-04-12 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability."
2285 CVE-2017-0176 284 Exec Code Overflow 2017-06-22 2017-07-05
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
2286 CVE-2017-0166 264 2017-04-12 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability."
2287 CVE-2017-0152 119 Exec Code Overflow Mem. Corr. 2017-07-17 2017-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
2288 CVE-2017-0148 20 Exec Code 2017-03-16 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
2289 CVE-2017-0146 20 Exec Code 2017-03-16 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
2290 CVE-2017-0145 20 Exec Code 2017-03-16 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.
2291 CVE-2017-0144 20 Exec Code 2017-03-16 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
2292 CVE-2017-0143 20 Exec Code 2017-03-16 2018-06-20
9.3
None Remote Medium Not required Complete Complete Complete
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
2293 CVE-2017-0108 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
2294 CVE-2017-0106 119 DoS Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
2295 CVE-2017-0104 190 Overflow Mem. Corr. 2017-03-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."
2296 CVE-2017-0090 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.
2297 CVE-2017-0089 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.
2298 CVE-2017-0088 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
2299 CVE-2017-0087 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
2300 CVE-2017-0086 119 Exec Code Overflow 2017-03-16 2017-08-15
9.3
None Remote Medium Not required Complete Complete Complete
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.