Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-3011 Integer Overflow or Wraparound vulnerability in Adobe products
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter.
local
low complexity
adobe CWE-190
7.8
2017-04-12 CVE-2017-3007 Untrusted Search Path vulnerability in Adobe Creative Cloud
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the directory search path used to find resources, related to Creative Cloud desktop applications.
local
low complexity
adobe CWE-426
7.8
2017-04-12 CVE-2017-3006 Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud
Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.
network
low complexity
adobe CWE-732
8.8
2017-04-12 CVE-2017-3005 Unquoted Search Path or Element vulnerability in Adobe Photoshop CC
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have an unquoted search path vulnerability.
local
low complexity
adobe CWE-428
7.8
2017-04-12 CVE-2017-3004 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Photoshop CC
Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files.
local
low complexity
adobe CWE-119
7.8
2017-04-12 CVE-2017-2989 Improper Input Validation vulnerability in Adobe Campaign 6.11
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database.
network
low complexity
adobe CWE-20
critical
9.1
2017-04-12 CVE-2017-0211 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-610
5.5
2017-04-12 CVE-2017-0210 Unspecified vulnerability in Microsoft Internet Explorer 10/11
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
network
low complexity
microsoft
8.8
2017-04-12 CVE-2017-0208 Information Exposure vulnerability in Microsoft Edge
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory.
network
low complexity
microsoft CWE-200
4.3
2017-04-12 CVE-2017-0207 Unspecified vulnerability in Microsoft Outlook 2011
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
network
low complexity
microsoft
6.5