Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI Elevation of Privilege Vulnerability.” This vulnerability is different from those described in CVE-2017-0001,...
Read More
Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. Internet Explorer 9, 10 and 11 are vulnerable. Impact: Attackers can exploit this issue to execute arbitrary code in the context...
Read More
Description: This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. The vulnerability affects Microsoft Office, including the latest Office 2016 edition running on Windows 10. Impact: Researchers has observed Office documents exploiting CVE-2017-0199 that download and execute malware payloads from different well-known malware families. Mitigation: Updates are...
Read More
Description: The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. Impact: Attackers can exploit this issue to cause denial-of-service conditions. Mitigation: Cisco has released software...
Read More
Description: The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit...
Read More
