ID de Prueba:	1.3.6.1.4.1.25623.1.0.810808
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Edge Multiple Vulnerabilities (4013071)
Resumen:	This host is missing a critical security; update according to Microsoft Bulletin MS17-007.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS17-007. Vulnerability Insight: Multiple flaws exist due to: - The way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. - Microsoft browser does not properly parse HTTP responses. - Microsoft Edge improperly accesses objects in memory. - Microsoft Windows PDF Library improperly handles objects in memory. - Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code in the context of the current user, gain access to potentially sensitive information, conduct spoofing attacks and bypass same origin policy. Affected Software/OS: - Microsoft Windows 10 x32/x64 - Microsoft Windows Server 2016 x64 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-0009 BugTraq ID: 96077 http://www.securityfocus.com/bid/96077 http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf http://www.securitytracker.com/id/1038006 Common Vulnerability Exposure (CVE) ID: CVE-2017-0010 BugTraq ID: 96059 http://www.securityfocus.com/bid/96059 Common Vulnerability Exposure (CVE) ID: CVE-2017-0011 BugTraq ID: 96064 http://www.securityfocus.com/bid/96064 Common Vulnerability Exposure (CVE) ID: CVE-2017-0012 BugTraq ID: 96085 http://www.securityfocus.com/bid/96085 Common Vulnerability Exposure (CVE) ID: CVE-2017-0015 BugTraq ID: 96079 http://www.securityfocus.com/bid/96079 Common Vulnerability Exposure (CVE) ID: CVE-2017-0017 BugTraq ID: 96078 http://www.securityfocus.com/bid/96078 Common Vulnerability Exposure (CVE) ID: CVE-2017-0023 BugTraq ID: 96075 http://www.securityfocus.com/bid/96075 http://www.securitytracker.com/id/1037989 Common Vulnerability Exposure (CVE) ID: CVE-2017-0032 BugTraq ID: 96080 http://www.securityfocus.com/bid/96080 Common Vulnerability Exposure (CVE) ID: CVE-2017-0033 BugTraq ID: 96087 http://www.securityfocus.com/bid/96087 Common Vulnerability Exposure (CVE) ID: CVE-2017-0034 BugTraq ID: 96786 http://www.securityfocus.com/bid/96786 Common Vulnerability Exposure (CVE) ID: CVE-2017-0035 BugTraq ID: 96082 http://www.securityfocus.com/bid/96082 Common Vulnerability Exposure (CVE) ID: CVE-2017-0037 BugTraq ID: 96088 http://www.securityfocus.com/bid/96088 https://www.exploit-db.com/exploits/41454/ https://www.exploit-db.com/exploits/42354/ https://www.exploit-db.com/exploits/43125/ https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1011 http://www.securitytracker.com/id/1037905 http://www.securitytracker.com/id/1037906 Common Vulnerability Exposure (CVE) ID: CVE-2017-0065 BugTraq ID: 96648 http://www.securityfocus.com/bid/96648 Common Vulnerability Exposure (CVE) ID: CVE-2017-0066 BugTraq ID: 96655 http://www.securityfocus.com/bid/96655 Common Vulnerability Exposure (CVE) ID: CVE-2017-0067 BugTraq ID: 96662 http://www.securityfocus.com/bid/96662 Common Vulnerability Exposure (CVE) ID: CVE-2017-0068 BugTraq ID: 96649 http://www.securityfocus.com/bid/96649 Common Vulnerability Exposure (CVE) ID: CVE-2017-0069 BugTraq ID: 96650 http://www.securityfocus.com/bid/96650 Common Vulnerability Exposure (CVE) ID: CVE-2017-0070 BugTraq ID: 96690 http://www.securityfocus.com/bid/96690 https://www.exploit-db.com/exploits/41623/ Common Vulnerability Exposure (CVE) ID: CVE-2017-0071 BugTraq ID: 96681 http://www.securityfocus.com/bid/96681 Common Vulnerability Exposure (CVE) ID: CVE-2017-0094 BugTraq ID: 96682 http://www.securityfocus.com/bid/96682 Common Vulnerability Exposure (CVE) ID: CVE-2017-0131 BugTraq ID: 96671 http://www.securityfocus.com/bid/96671 Common Vulnerability Exposure (CVE) ID: CVE-2017-0132 BugTraq ID: 96686 http://www.securityfocus.com/bid/96686 Common Vulnerability Exposure (CVE) ID: CVE-2017-0133 BugTraq ID: 96683 http://www.securityfocus.com/bid/96683 Common Vulnerability Exposure (CVE) ID: CVE-2017-0134 BugTraq ID: 96687 http://www.securityfocus.com/bid/96687 Common Vulnerability Exposure (CVE) ID: CVE-2017-0135 BugTraq ID: 96656 http://www.securityfocus.com/bid/96656 https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754 https://www.freebuf.com/articles/web/164871.html Common Vulnerability Exposure (CVE) ID: CVE-2017-0136 BugTraq ID: 96688 http://www.securityfocus.com/bid/96688 Common Vulnerability Exposure (CVE) ID: CVE-2017-0137 BugTraq ID: 96689 http://www.securityfocus.com/bid/96689 Common Vulnerability Exposure (CVE) ID: CVE-2017-0138 BugTraq ID: 96684 http://www.securityfocus.com/bid/96684 Common Vulnerability Exposure (CVE) ID: CVE-2017-0140 BugTraq ID: 96653 http://www.securityfocus.com/bid/96653 Common Vulnerability Exposure (CVE) ID: CVE-2017-0141 BugTraq ID: 96685 http://www.securityfocus.com/bid/96685 http://packetstormsecurity.com/files/172826/Microsoft-ChakaCore-Remote-Code-Execution.html Common Vulnerability Exposure (CVE) ID: CVE-2017-0150 BugTraq ID: 96725 http://www.securityfocus.com/bid/96725 Common Vulnerability Exposure (CVE) ID: CVE-2017-0151 BugTraq ID: 96727 http://www.securityfocus.com/bid/96727
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.