|
Microsoft : Security Vulnerabilities Published In 2017 (Bypass)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-11899 |
|
|
Bypass |
2017-12-12 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". |
2 |
CVE-2017-11877 |
|
|
Bypass |
2017-11-15 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". |
3 |
CVE-2017-11830 |
367 |
|
Bypass |
2017-11-15 |
2022-05-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". |
4 |
CVE-2017-11823 |
362 |
|
Bypass |
2017-10-13 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". |
5 |
CVE-2017-11818 |
254 |
|
Bypass |
2017-10-13 |
2019-05-16 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". |
6 |
CVE-2017-11774 |
119 |
|
Exec Code Overflow Bypass |
2017-10-13 |
2021-08-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." |
7 |
CVE-2017-8746 |
|
|
Bypass |
2017-09-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". |
8 |
CVE-2017-8716 |
|
|
Bypass |
2017-09-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". |
9 |
CVE-2017-8715 |
|
|
Bypass |
2017-10-13 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". |
10 |
CVE-2017-8700 |
|
|
Bypass |
2017-11-15 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". |
11 |
CVE-2017-8592 |
200 |
|
Bypass +Info |
2017-07-11 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass". |
12 |
CVE-2017-8571 |
20 |
|
Bypass |
2017-08-01 |
2021-08-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". |
13 |
CVE-2017-8508 |
|
|
Bypass |
2017-06-15 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". |
14 |
CVE-2017-8495 |
287 |
|
Bypass |
2017-07-11 |
2017-07-17 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. |
15 |
CVE-2017-8493 |
178 |
|
Bypass |
2017-06-15 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". |
16 |
CVE-2017-0248 |
295 |
|
Bypass |
2017-05-12 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." |
17 |
CVE-2017-0219 |
|
|
Bypass |
2017-06-15 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. |
18 |
CVE-2017-0218 |
|
|
Bypass |
2017-06-15 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. |
19 |
CVE-2017-0216 |
|
|
Bypass |
2017-06-15 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. |
20 |
CVE-2017-0215 |
668 |
|
Bypass |
2017-06-15 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. |
21 |
CVE-2017-0204 |
|
|
Bypass |
2017-04-12 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." |
22 |
CVE-2017-0203 |
|
|
Bypass |
2017-04-12 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability." |
23 |
CVE-2017-0173 |
|
|
Bypass |
2017-06-15 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. |
24 |
CVE-2017-0159 |
|
|
Bypass |
2017-04-12 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability." |
25 |
CVE-2017-0140 |
|
|
Bypass |
2017-03-17 |
2019-10-03 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135. |
26 |
CVE-2017-0135 |
|
|
Bypass |
2017-03-17 |
2019-10-03 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140. |
27 |
CVE-2017-0066 |
|
|
Bypass |
2017-03-17 |
2019-10-03 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140. |
28 |
CVE-2017-0064 |
|
|
Bypass |
2017-05-12 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." |
29 |
CVE-2017-0063 |
200 |
|
Exec Code Bypass +Info |
2017-03-17 |
2017-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061. |
30 |
CVE-2017-0061 |
200 |
|
Exec Code Bypass +Info |
2017-03-17 |
2017-08-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063. |
31 |
CVE-2017-0007 |
20 |
|
Bypass |
2017-03-17 |
2017-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." |
32 |
CVE-2017-0002 |
|
|
Bypass |
2017-01-10 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." |
Total number of vulnerabilities : 32
Page :
1
(This Page)
|
|