Search

Find a vulnerability

Search criteria

    86 vulnerabilities found for lync by microsoft

    CVE-2020-1025 (GCVE-0-2020-1025)

    Vulnerability from nvd – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
    VLAI
    Title
    Microsoft Office Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype for Business Server 2019 CU2 Affected: 7.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Skype for Business Server 2015 CU 8 Affected: 2015 CU 8 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft Lync Server 2013 Affected: 0 , < publication (custom)
        cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Foundation 2013 Service Pack 1 Affected: 15.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2020-07-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:24:59.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU 8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2015 CU 8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-28T20:54:51.253Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
            }
          ],
          "title": "Microsoft Office Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1025",
        "datePublished": "2020-07-14T22:53:56.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:24:59.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1209 (GCVE-0-2019-1209)

    Vulnerability from nvd – Published: 2019-09-11 21:24 – Updated: 2024-08-04 18:13
    VLAI
    Summary
    An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Lync Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:57.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Lync Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1209",
        "datePublished": "2019-09-11T21:24:57.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:13:29.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8546 (GCVE-0-2018-8546)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105802 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042125 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Affected: Business 2016 Basic (32-bit)
    Affected: Business 2016 Basic (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Affected: Basic 2013 Service Pack 1 (32-bit)
    Affected: Basic 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
              },
              {
                "name": "105802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105802"
              },
              {
                "name": "1042125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
            },
            {
              "name": "105802",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105802"
            },
            {
              "name": "1042125",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
                },
                {
                  "name": "105802",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105802"
                },
                {
                  "name": "1042125",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8546",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8311 (GCVE-0-2018-8311)

    Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104624 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041259 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1041260 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:35.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104624",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104624"
              },
              {
                "name": "1041259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041259"
              },
              {
                "name": "1041260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104624",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104624",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104624"
                },
                {
                  "name": "1041259",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041259"
                },
                {
                  "name": "1041260",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041260"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8311",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:35.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8238 (GCVE-0-2018-8238)

    Vulnerability from nvd – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:13.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104619",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104619",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104619"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8238",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:13.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11786 (GCVE-0-2017-11786)

    Vulnerability from nvd – Published: 2017-10-13 13:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101156 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039530 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Skype for Business Affected: Microsoft Lync 2013 SP1 and Skype for Business 2016
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:38.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
              },
              {
                "name": "1039530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-14T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "101156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
            },
            {
              "name": "1039530",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-11786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101156"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
                },
                {
                  "name": "1039530",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11786",
        "datePublished": "2017-10-13T13:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:43.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8696 (GCVE-0-2017-8696)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100780 vdb-entryx_refsource_BID
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
              },
              {
                "name": "100780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100780"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
            },
            {
              "name": "100780",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100780"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
                },
                {
                  "name": "100780",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100780"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8696",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:24.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8695 (GCVE-0-2017-8695)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100773 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Uniscribe Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100773"
              },
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100773"
            },
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100773"
                },
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8695",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:22.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8676 (GCVE-0-2017-8676)

    Vulnerability from nvd – Published: 2017-09-13 01:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100755 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039333 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Device Interface (GDI) Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100755"
              },
              {
                "name": "1039333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Device Interface (GDI)",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100755",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100755"
            },
            {
              "name": "1039333",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Device Interface (GDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100755",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100755"
                },
                {
                  "name": "1039333",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039333"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8676",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:38.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8527 (GCVE-0-2017-8527)

    Vulnerability from nvd – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038680 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/98933 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Graphics Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:22.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038680"
              },
              {
                "name": "98933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Graphics",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038680"
            },
            {
              "name": "98933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Graphics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038680"
                },
                {
                  "name": "98933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98933"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8527",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0283 (GCVE-0-2017-0283)

    Vulnerability from nvd – Published: 2017-06-15 01:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Uniscribe Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows.
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:55.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42234",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42234/"
              },
              {
                "name": "1038675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038675"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
              },
              {
                "name": "98920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98920"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "42234",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42234/"
            },
            {
              "name": "1038675",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038675"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
            },
            {
              "name": "98920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98920"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42234",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42234/"
                },
                {
                  "name": "1038675",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038675"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
                },
                {
                  "name": "98920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98920"
                },
                {
                  "name": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html",
                  "refsource": "MISC",
                  "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0283",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:55.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0108 (GCVE-0-2017-0108)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96722 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/41647/ exploitx_refsource_EXPLOIT-DB
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Component Affected: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "name": "41647",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41647/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Component",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "name": "41647",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41647/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Component",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96722"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "41647",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41647/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0108",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0073 (GCVE-0-2017-0073)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96637 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows GDI+ Affected: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
              },
              {
                "name": "96637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96637"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows GDI+",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Windows GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
            },
            {
              "name": "96637",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96637"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows GDI+",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Windows GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
                },
                {
                  "name": "96637",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96637"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0073",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:19.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0060 (GCVE-0-2017-0060)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96713 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/41656/ exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows GDI+ Affected: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96713",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96713"
              },
              {
                "name": "41656",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41656/"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows GDI+",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96713",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96713"
            },
            {
              "name": "41656",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41656/"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0060",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows GDI+",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96713",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96713"
                },
                {
                  "name": "41656",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41656/"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0060",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1025 (GCVE-0-2020-1025)

    Vulnerability from cvelistv5 – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
    VLAI
    Title
    Microsoft Office Elevation of Privilege Vulnerability
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype for Business Server 2019 CU2 Affected: 7.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Skype for Business Server 2015 CU 8 Affected: 2015 CU 8 , < publication (custom)
        cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft Lync Server 2013 Affected: 0 , < publication (custom)
        cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Enterprise Server 2016 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server 2019 Affected: 16.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
    Create a notification for this product.
    Microsoft Microsoft SharePoint Foundation 2013 Service Pack 1 Affected: 15.0.0 , < publication (custom)
        cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2020-07-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:24:59.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2019  CU2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Skype for Business Server 2015 CU 8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "2015 CU 8",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Lync Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Enterprise Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
              ],
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-28T20:54:51.253Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
            }
          ],
          "title": "Microsoft Office Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-1025",
        "datePublished": "2020-07-14T22:53:56.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:24:59.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1209 (GCVE-0-2019-1209)

    Vulnerability from cvelistv5 – Published: 2019-09-11 21:24 – Updated: 2024-08-04 18:13
    VLAI
    Summary
    An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:29.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Lync Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-11T21:24:57.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1209",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Lync Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists in Lync 2013, aka \u0027Lync 2013 Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1209"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1209",
        "datePublished": "2019-09-11T21:24:57.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:13:29.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8546 (GCVE-0-2018-8546)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105802 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042125 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Affected: Business 2016 Basic (32-bit)
    Affected: Business 2016 Basic (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Affected: Basic 2013 Service Pack 1 (32-bit)
    Affected: Basic 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
              },
              {
                "name": "105802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105802"
              },
              {
                "name": "1042125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 Basic (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Basic 2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
            },
            {
              "name": "105802",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105802"
            },
            {
              "name": "1042125",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 Basic (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "Basic 2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A denial of service vulnerability exists in Skype for Business, aka \"Microsoft Skype for Business Denial of Service Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8546"
                },
                {
                  "name": "105802",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105802"
                },
                {
                  "name": "1042125",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8546",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8311 (GCVE-0-2018-8311)

    Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/104624 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041259 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id/1041260 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:35.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104624",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104624"
              },
              {
                "name": "1041259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041259"
              },
              {
                "name": "1041260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041260"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104624",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104624"
            },
            {
              "name": "1041259",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041259"
            },
            {
              "name": "1041260",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041260"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka \"Remote Code Execution Vulnerability in Skype For Business and Lync.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104624",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104624"
                },
                {
                  "name": "1041259",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041259"
                },
                {
                  "name": "1041260",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041260"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8311"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8311",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:35.227Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8238 (GCVE-0-2018-8238)

    Vulnerability from cvelistv5 – Published: 2018-07-11 00:00 – Updated: 2024-08-05 06:46
    VLAI
    Summary
    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
    Severity
    No CVSS data available.
    CWE
    • Security Feature Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Skype Affected: Business 2016 (32-bit)
    Affected: Business 2016 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:13.830Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104619"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Business 2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "Business 2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Feature Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "104619",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104619"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Business 2016 (32-bit)"
                              },
                              {
                                "version_value": "Business 2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Feature Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104619",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104619"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8238",
        "datePublished": "2018-07-11T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:46:13.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11786 (GCVE-0-2017-11786)

    Vulnerability from cvelistv5 – Published: 2017-10-13 13:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/101156 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1039530 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Corporation Skype for Business Affected: Microsoft Lync 2013 SP1 and Skype for Business 2016
    Create a notification for this product.
    Date Public
    2017-10-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:19:38.921Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101156",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
              },
              {
                "name": "1039530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039530"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Skype for Business",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-14T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "101156",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
            },
            {
              "name": "1039530",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039530"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-10-10T00:00:00",
              "ID": "CVE-2017-11786",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Lync 2013 SP1 and Skype for Business 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka \"Skype for Business Elevation of Privilege Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101156",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101156"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11786"
                },
                {
                  "name": "1039530",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039530"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-11786",
        "datePublished": "2017-10-13T13:00:00.000Z",
        "dateReserved": "2017-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:43.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8695 (GCVE-0-2017-8695)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100773 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Uniscribe Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.291Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100773",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100773"
              },
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100773",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100773"
            },
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user\u0027s system via a specially crafted document or an untrusted webpage, aka \"Graphics Component Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100773",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100773"
                },
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8695",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:22.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8696 (GCVE-0-2017-8696)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039344 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/100780 vdb-entryx_refsource_BID
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039344",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039344"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
              },
              {
                "name": "100780",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100780"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1039344",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039344"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
            },
            {
              "name": "100780",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100780"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka \"Microsoft Graphics Component Remote Code Execution.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039344",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039344"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8696"
                },
                {
                  "name": "100780",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100780"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8696",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:24.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8676 (GCVE-0-2017-8676)

    Vulnerability from cvelistv5 – Published: 2017-09-13 01:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/100755 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1039333 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Device Interface (GDI) Affected: Microsoft Windows Server 2008 SP2 and R2 SP1
    Affected: Windows 7 SP1
    Affected: Windows 8.1
    Affected: Windows Server 2012 Gold and R2
    Affected: Windows RT 8.1
    Affected: Windows 10 Gold, 1511, 1607, 1703, and Server 2016
    Affected: Office 2007 SP3
    Affected: Office 2010 SP2
    Affected: Word Viewer
    Affected: Office for Mac 2011 and 2016
    Affected: Skype for Business 2016
    Affected: Lync 2013 SP1
    Affected: Lync 2010
    Affected: Lync 2010 Attendee
    Affected: Live Meeting 2007 Add-in and Console
    Create a notification for this product.
    Date Public
    2017-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:24.414Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100755"
              },
              {
                "name": "1039333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Device Interface (GDI)",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 7 SP1"
                },
                {
                  "status": "affected",
                  "version": "Windows 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows Server 2012 Gold and R2"
                },
                {
                  "status": "affected",
                  "version": "Windows RT 8.1"
                },
                {
                  "status": "affected",
                  "version": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Office 2007 SP3"
                },
                {
                  "status": "affected",
                  "version": "Office 2010 SP2"
                },
                {
                  "status": "affected",
                  "version": "Word Viewer"
                },
                {
                  "status": "affected",
                  "version": "Office for Mac 2011 and 2016"
                },
                {
                  "status": "affected",
                  "version": "Skype for Business 2016"
                },
                {
                  "status": "affected",
                  "version": "Lync 2013 SP1"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010"
                },
                {
                  "status": "affected",
                  "version": "Lync 2010 Attendee"
                },
                {
                  "status": "affected",
                  "version": "Live Meeting 2007 Add-in and Console"
                }
              ]
            }
          ],
          "datePublic": "2017-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "100755",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100755"
            },
            {
              "name": "1039333",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "DATE_PUBLIC": "2017-09-12T00:00:00",
              "ID": "CVE-2017-8676",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Device Interface (GDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1"
                              },
                              {
                                "version_value": "Windows 7 SP1"
                              },
                              {
                                "version_value": "Windows 8.1"
                              },
                              {
                                "version_value": "Windows Server 2012 Gold and R2"
                              },
                              {
                                "version_value": "Windows RT 8.1"
                              },
                              {
                                "version_value": "Windows 10 Gold, 1511, 1607, 1703, and Server 2016"
                              },
                              {
                                "version_value": "Office 2007 SP3"
                              },
                              {
                                "version_value": "Office 2010 SP2"
                              },
                              {
                                "version_value": "Word Viewer"
                              },
                              {
                                "version_value": "Office for Mac 2011 and 2016"
                              },
                              {
                                "version_value": "Skype for Business 2016"
                              },
                              {
                                "version_value": "Lync 2013 SP1"
                              },
                              {
                                "version_value": "Lync 2010"
                              },
                              {
                                "version_value": "Lync 2010 Attendee"
                              },
                              {
                                "version_value": "Live Meeting 2007 Add-in and Console"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka \"Windows GDI+ Information Disclosure Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100755",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100755"
                },
                {
                  "name": "1039333",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039333"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8676"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8676",
        "datePublished": "2017-09-13T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:38.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8527 (GCVE-0-2017-8527)

    Vulnerability from cvelistv5 – Published: 2017-06-15 01:00 – Updated: 2024-08-05 16:41
    VLAI
    Summary
    Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038680 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/98933 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Graphics Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:41:22.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038680",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038680"
              },
              {
                "name": "98933",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98933"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Graphics",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038680",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038680"
            },
            {
              "name": "98933",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98933"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-8527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Graphics",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038680",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038680"
                },
                {
                  "name": "98933",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98933"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-8527",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2017-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T16:41:22.254Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0283 (GCVE-0-2017-0283)

    Vulnerability from cvelistv5 – Published: 2017-06-15 01:00 – Updated: 2024-08-05 13:03
    VLAI
    Summary
    Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Uniscribe Affected: Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows.
    Create a notification for this product.
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:03:55.838Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42234",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42234/"
              },
              {
                "name": "1038675",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038675"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
              },
              {
                "name": "98920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98920"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Uniscribe",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T14:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "42234",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42234/"
            },
            {
              "name": "1038675",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038675"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
            },
            {
              "name": "98920",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98920"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0283",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Uniscribe",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8528."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42234",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42234/"
                },
                {
                  "name": "1038675",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038675"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0283"
                },
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1198"
                },
                {
                  "name": "98920",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98920"
                },
                {
                  "name": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html",
                  "refsource": "MISC",
                  "url": "https://0patch.blogspot.com/2017/07/0patching-quick-brown-fox-of-cve-2017.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0283",
        "datePublished": "2017-06-15T01:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:03:55.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0073 (GCVE-0-2017-0073)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/96637 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows GDI+ Affected: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
              },
              {
                "name": "96637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96637"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows GDI+",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Windows GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
            },
            {
              "name": "96637",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96637"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows GDI+",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Windows GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0073"
                },
                {
                  "name": "96637",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96637"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0073",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:19.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0108 (GCVE-0-2017-0108)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96722 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://www.exploit-db.com/exploits/41647/ exploitx_refsource_EXPLOIT-DB
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows Graphics Component Affected: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96722",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96722"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "name": "41647",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41647/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows Graphics Component",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96722",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96722"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "name": "41647",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41647/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows Graphics Component",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka \"Graphics Component Remote Code Execution Vulnerability.\" This vulnerability is different from that described in CVE-2017-0014."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96722",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96722"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0108"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "41647",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41647/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0108",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0060 (GCVE-0-2017-0060)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2024-08-05 12:55
    VLAI
    Summary
    The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/96713 vdb-entryx_refsource_BID
    https://www.exploit-db.com/exploits/41656/ exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id/1038002 vdb-entryx_refsource_SECTRACK
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows GDI+ Affected: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "96713",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96713"
              },
              {
                "name": "41656",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41656/"
              },
              {
                "name": "1038002",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038002"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows GDI+",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-15T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "96713",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96713"
            },
            {
              "name": "41656",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41656/"
            },
            {
              "name": "1038002",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038002"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0060",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows GDI+",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "96713",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96713"
                },
                {
                  "name": "41656",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41656/"
                },
                {
                  "name": "1038002",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038002"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0060",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-05T12:55:18.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }