English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.812081
Category:Windows : Microsoft Bulletins
Title:Microsoft Windows Multiple Vulnerabilities (KB4048953)
Summary:This host is missing a critical security; update according to Microsoft KB4048953
Description:Summary:
This host is missing a critical security
update according to Microsoft KB4048953

Vulnerability Insight:
Multiple flaws exist due to:

- An error when the Windows kernel fails to properly initialize a memory address.

- A security feature bypass when Device Guard incorrectly validates an untrusted
file.

- An error in the way that Microsoft Edge handles cross-origin requests.

- An error when the scripting engine does not properly handle objects in memory
in Internet Explorer.

- An error in the way the scripting engine handles objects in memory in Microsoft
browsers.

- An error in the way that the scripting engine handles objects in memory in
Microsoft Edge.

- An error when the Windows GDI component improperly discloses kernel memory
addresses.

- An error when Windows Search improperly handles objects in memory.

- An error when Internet Explorer improperly accesses objects in memory.

- An error in the way that Microsoft browsers access objects in memory.

- An error when the scripting engine does not properly handle objects in
memory in Microsoft browsers.

- An error when the Windows kernel improperly initializes objects in memory.

- An error when Windows Media Player improperly discloses file information.

- An error when Microsoft Edge improperly handles redirect requests.

- An error when the Microsoft Windows Graphics Component improperly handles objects
in memory.

- An error when Internet Explorer improperly handles page content, which could
allow an attacker to detect the navigation of the user leaving a maliciously
crafted page.

- An error in Microsoft Edge when the Edge Content Security Policy (CSP) fails to
properly validate certain specially crafted documents.

- An error when the Windows kernel fails to properly handle objects in memory.

Vulnerability Impact:
Successful exploitation will allow an attacker
to gain access to potentially sensitive information, fake unsigned file appear
to be signed, determine the origin of all web pages in the affected browser,
gain the same user rights as the current user, cause a remote denial of service
against a system, test for the presence of files on disk, force the browser to
send data that would otherwise be restricted to a destination website of the
attacker's choice and run arbitrary code in kernel mode.

Affected Software/OS:
- Microsoft Windows Server 2016

- Microsoft Windows 10 Version 1607 x32/x64

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-11839
BugTraq ID: 101735
http://www.securityfocus.com/bid/101735
https://www.exploit-db.com/exploits/43180/
http://www.securitytracker.com/id/1039780
Common Vulnerability Exposure (CVE) ID: CVE-2017-11840
BugTraq ID: 101734
http://www.securityfocus.com/bid/101734
https://www.exploit-db.com/exploits/43183/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11841
BugTraq ID: 101733
http://www.securityfocus.com/bid/101733
https://www.exploit-db.com/exploits/43181/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11842
BugTraq ID: 101719
http://www.securityfocus.com/bid/101719
http://www.securitytracker.com/id/1039782
Common Vulnerability Exposure (CVE) ID: CVE-2017-11843
BugTraq ID: 101740
http://www.securityfocus.com/bid/101740
http://www.securitytracker.com/id/1039781
Common Vulnerability Exposure (CVE) ID: CVE-2017-11768
BugTraq ID: 101705
http://www.securityfocus.com/bid/101705
http://www.securitytracker.com/id/1039794
Common Vulnerability Exposure (CVE) ID: CVE-2017-11880
BugTraq ID: 101755
http://www.securityfocus.com/bid/101755
Common Vulnerability Exposure (CVE) ID: CVE-2017-11788
BugTraq ID: 101711
http://www.securityfocus.com/bid/101711
http://www.securitytracker.com/id/1039792
Common Vulnerability Exposure (CVE) ID: CVE-2017-11791
BugTraq ID: 101715
http://www.securityfocus.com/bid/101715
http://www.securitytracker.com/id/1039796
http://www.securitytracker.com/id/1039797
Common Vulnerability Exposure (CVE) ID: CVE-2017-11827
BugTraq ID: 101703
http://www.securityfocus.com/bid/101703
Common Vulnerability Exposure (CVE) ID: CVE-2017-11830
BugTraq ID: 101714
http://www.securityfocus.com/bid/101714
https://www.exploit-db.com/exploits/43162/
http://www.securitytracker.com/id/1039790
Common Vulnerability Exposure (CVE) ID: CVE-2017-11831
BugTraq ID: 101721
http://www.securityfocus.com/bid/101721
https://www.exploit-db.com/exploits/43165/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11833
BugTraq ID: 101706
http://www.securityfocus.com/bid/101706
Common Vulnerability Exposure (CVE) ID: CVE-2017-11834
BugTraq ID: 101725
http://www.securityfocus.com/bid/101725
Common Vulnerability Exposure (CVE) ID: CVE-2017-11836
BugTraq ID: 101727
http://www.securityfocus.com/bid/101727
Common Vulnerability Exposure (CVE) ID: CVE-2017-11837
BugTraq ID: 101722
http://www.securityfocus.com/bid/101722
Common Vulnerability Exposure (CVE) ID: CVE-2017-11838
BugTraq ID: 101737
http://www.securityfocus.com/bid/101737
Common Vulnerability Exposure (CVE) ID: CVE-2017-11846
BugTraq ID: 101741
http://www.securityfocus.com/bid/101741
Common Vulnerability Exposure (CVE) ID: CVE-2017-11847
BugTraq ID: 101729
http://www.securityfocus.com/bid/101729
Common Vulnerability Exposure (CVE) ID: CVE-2017-11848
BugTraq ID: 101709
http://www.securityfocus.com/bid/101709
Common Vulnerability Exposure (CVE) ID: CVE-2017-11849
BugTraq ID: 101762
http://www.securityfocus.com/bid/101762
Common Vulnerability Exposure (CVE) ID: CVE-2017-11850
BugTraq ID: 101738
http://www.securityfocus.com/bid/101738
Common Vulnerability Exposure (CVE) ID: CVE-2017-11851
BugTraq ID: 101763
http://www.securityfocus.com/bid/101763
Common Vulnerability Exposure (CVE) ID: CVE-2017-11853
BugTraq ID: 101764
http://www.securityfocus.com/bid/101764
Common Vulnerability Exposure (CVE) ID: CVE-2017-11855
BugTraq ID: 101751
http://www.securityfocus.com/bid/101751
https://www.exploit-db.com/exploits/43371/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11856
BugTraq ID: 101753
http://www.securityfocus.com/bid/101753
Common Vulnerability Exposure (CVE) ID: CVE-2017-11858
BugTraq ID: 101716
http://www.securityfocus.com/bid/101716
Common Vulnerability Exposure (CVE) ID: CVE-2017-11861
BugTraq ID: 101723
http://www.securityfocus.com/bid/101723
https://www.exploit-db.com/exploits/43153/
Common Vulnerability Exposure (CVE) ID: CVE-2017-11863
BugTraq ID: 101748
http://www.securityfocus.com/bid/101748
http://www.securitytracker.com/id/1039801
Common Vulnerability Exposure (CVE) ID: CVE-2017-11866
BugTraq ID: 101732
http://www.securityfocus.com/bid/101732
Common Vulnerability Exposure (CVE) ID: CVE-2017-11869
BugTraq ID: 101742
http://www.securityfocus.com/bid/101742
Common Vulnerability Exposure (CVE) ID: CVE-2017-11872
BugTraq ID: 101749
http://www.securityfocus.com/bid/101749
Common Vulnerability Exposure (CVE) ID: CVE-2017-11873
BugTraq ID: 101728
http://www.securityfocus.com/bid/101728
https://www.exploit-db.com/exploits/43154/
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.