
Test ID: 1.3.6.1.4.1.25623.1.0.810927
Category: Windows : Microsoft Bulletins
Title: Microsoft Windows Multiple Vulnerabilities (KB4015221)
Summary: This host is missing an important security update according to Microsoft Security update KB4015221.
Description:

Vulnerability Insight:
Multiple flaws exist:

- Microsoft Windows OLE fails an integrity-level check.

- Internet Explorer does not properly enforce cross-domain policies.

- Chakra scripting engine does not properly handle objects in memory.

- Microsoft Edge improperly accesses objects in memory.

- Edge Content Security Policy (CSP) fails to properly validate certain
specially crafted documents.

- Adobe Type Manager Font Driver (ATMFD.dll) fails to properly
handle objects in memory.

- Windows kernel-mode driver fails to properly handle objects in memory.

- win32k component improperly provides kernel information.

- Microsoft Hyper-V Network Switch on a host server fails to properly
validate input from a privileged user on a guest operating system.

- LDAP request buffer lengths are improperly calculated.

- Microsoft .NET Framework fails to properly validate input before loading
libraries.

- ADFS incorrectly treats requests coming from Extranet clients as Intranet
requests.

- An error exists in the way that the Scripting Engine renders when handling
objects in memory in Microsoft browsers.

- Microsoft Graphics Component fails to properly handle objects in memory.

- The open-source libjpeg image-processing library fails to properly handle
objects in memory.

Vulnerability Impact:
Successful exploitation will allow an attacker
to obtain information to further compromise the user's system, execute
arbitrary code in the context of the current user, gain the same user rights as
the current user, take control of an affected system, and cause a host
machine to crash.

Affected Software/OS:
Microsoft Windows 10 x32/x64.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-0166
BugTraq ID: 97446
http://www.securityfocus.com/bid/97446
http://www.securitytracker.com/id/1038245
Common Vulnerability Exposure (CVE) ID: CVE-2017-0167
BugTraq ID: 97473
http://www.securityfocus.com/bid/97473
https://www.exploit-db.com/exploits/41880/
http://www.securitytracker.com/id/1038239
Common Vulnerability Exposure (CVE) ID: CVE-2017-0178
BugTraq ID: 97416
http://www.securityfocus.com/bid/97416
Common Vulnerability Exposure (CVE) ID: CVE-2017-0179
BugTraq ID: 97426
http://www.securityfocus.com/bid/97426
Common Vulnerability Exposure (CVE) ID: CVE-2017-0180
BugTraq ID: 97444
http://www.securityfocus.com/bid/97444
http://www.securitytracker.com/id/1038233
Common Vulnerability Exposure (CVE) ID: CVE-2017-0181
BugTraq ID: 97445
http://www.securityfocus.com/bid/97445
Common Vulnerability Exposure (CVE) ID: CVE-2017-0182
BugTraq ID: 97427
http://www.securityfocus.com/bid/97427
Common Vulnerability Exposure (CVE) ID: CVE-2017-0183
BugTraq ID: 97428
http://www.securityfocus.com/bid/97428
Common Vulnerability Exposure (CVE) ID: CVE-2017-0184
BugTraq ID: 97435
http://www.securityfocus.com/bid/97435
Common Vulnerability Exposure (CVE) ID: CVE-2017-0185
BugTraq ID: 97437
http://www.securityfocus.com/bid/97437
http://www.securitytracker.com/id/1038230
Common Vulnerability Exposure (CVE) ID: CVE-2017-0186
BugTraq ID: 97438
http://www.securityfocus.com/bid/97438
Common Vulnerability Exposure (CVE) ID: CVE-2017-0188
BugTraq ID: 97475
http://www.securityfocus.com/bid/97475
Common Vulnerability Exposure (CVE) ID: CVE-2017-0189
BugTraq ID: 97420
http://www.securityfocus.com/bid/97420
Common Vulnerability Exposure (CVE) ID: CVE-2017-0191
BugTraq ID: 97466
http://www.securityfocus.com/bid/97466
Common Vulnerability Exposure (CVE) ID: CVE-2017-0192
BugTraq ID: 97452
http://www.securityfocus.com/bid/97452
http://www.securitytracker.com/id/1038231
Common Vulnerability Exposure (CVE) ID: CVE-2017-0202
BugTraq ID: 97441
http://www.securityfocus.com/bid/97441
https://www.exploit-db.com/exploits/41941/
http://www.securitytracker.com/id/1038238
Common Vulnerability Exposure (CVE) ID: CVE-2017-0203
BugTraq ID: 97443
http://www.securityfocus.com/bid/97443
http://www.securitytracker.com/id/1038234
Common Vulnerability Exposure (CVE) ID: CVE-2017-0208
BugTraq ID: 97460
http://www.securityfocus.com/bid/97460
Common Vulnerability Exposure (CVE) ID: CVE-2017-0210
BugTraq ID: 97512
http://www.securityfocus.com/bid/97512
Common Vulnerability Exposure (CVE) ID: CVE-2017-0211
BugTraq ID: 97514
http://www.securityfocus.com/bid/97514
https://www.exploit-db.com/exploits/41902/
http://www.securitytracker.com/id/1038240
Common Vulnerability Exposure (CVE) ID: CVE-2013-6629
BugTraq ID: 63676
http://www.securityfocus.com/bid/63676
Debian Security Information: DSA-2799
http://www.debian.org/security/2013/dsa-2799
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html
http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://security.gentoo.org/glsa/201606-03
HPdes Security Advisory: HPSBUX03091
http://marc.info/?l=bugtraq&m=140852886808946&w=2
HPdes Security Advisory: HPSBUX03092
http://marc.info/?l=bugtraq&m=140852974709252&w=2
HPdes Security Advisory: SSRT101667
HPdes Security Advisory: SSRT101668
http://www.mandriva.com/security/advisories?name=MDVSA-2013:273
RedHat Security Advisories: RHSA-2013:1803
http://rhn.redhat.com/errata/RHSA-2013-1803.html
RedHat Security Advisories: RHSA-2013:1804
http://rhn.redhat.com/errata/RHSA-2013-1804.html
RedHat Security Advisories: RHSA-2014:0413
https://access.redhat.com/errata/RHSA-2014:0413
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
http://www.securitytracker.com/id/1029470
http://www.securitytracker.com/id/1029476
http://secunia.com/advisories/56175
http://secunia.com/advisories/58974
http://secunia.com/advisories/59058
SuSE Security Announcement: openSUSE-SU-2013:1776
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00025.html
SuSE Security Announcement: openSUSE-SU-2013:1777
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00026.html
SuSE Security Announcement: openSUSE-SU-2013:1861
http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html
SuSE Security Announcement: openSUSE-SU-2013:1916
http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html
SuSE Security Announcement: openSUSE-SU-2013:1917
http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html
SuSE Security Announcement: openSUSE-SU-2013:1918
http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html
SuSE Security Announcement: openSUSE-SU-2013:1957
http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html
SuSE Security Announcement: openSUSE-SU-2013:1958
http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html
SuSE Security Announcement: openSUSE-SU-2013:1959
http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html
SuSE Security Announcement: openSUSE-SU-2014:0008
http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html
SuSE Security Announcement: openSUSE-SU-2014:0065
http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html
http://www.ubuntu.com/usn/USN-2052-1
http://www.ubuntu.com/usn/USN-2053-1
http://www.ubuntu.com/usn/USN-2060-1
Common Vulnerability Exposure (CVE) ID: CVE-2017-0058
BugTraq ID: 97462
http://www.securityfocus.com/bid/97462
https://www.exploit-db.com/exploits/41879/
Common Vulnerability Exposure (CVE) ID: CVE-2017-0156
BugTraq ID: 97507
http://www.securityfocus.com/bid/97507
http://www.securitytracker.com/id/1038237
Common Vulnerability Exposure (CVE) ID: CVE-2017-0158
BugTraq ID: 97455
http://www.securityfocus.com/bid/97455
Common Vulnerability Exposure (CVE) ID: CVE-2017-0160
BugTraq ID: 97447
http://www.securityfocus.com/bid/97447
https://www.exploit-db.com/exploits/41903/
http://www.securitytracker.com/id/1038236
Common Vulnerability Exposure (CVE) ID: CVE-2017-0162
BugTraq ID: 97461
http://www.securityfocus.com/bid/97461
Common Vulnerability Exposure (CVE) ID: CVE-2017-0163
BugTraq ID: 97465
http://www.securityfocus.com/bid/97465
Common Vulnerability Exposure (CVE) ID: CVE-2017-0165
BugTraq ID: 97467
http://www.securityfocus.com/bid/97467
https://www.exploit-db.com/exploits/41901/
Copyright: Copyright (C) 2017 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.