Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-12 | CVE-2017-11935 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2016 Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | 9.3 |
2017-12-09 | CVE-2017-11294 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave 8.5.1.102 An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. | 10.0 |
2017-12-08 | CVE-2017-11940 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. | 9.3 |
2017-12-07 | CVE-2017-11937 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Malware Protection Engine 1.1.10600.0/1.1.10701.0/1.1.14306.0 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. | 9.3 |
2017-12-06 | CVE-2017-17069 | Untrusted Search Path vulnerability in Amazon Audible 2.34.0/2.44.1 ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | 9.3 |
2017-11-20 | CVE-2016-6804 | Permissions, Privileges, and Access Controls vulnerability in Apache Openoffice The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. | 9.3 |
2017-11-17 | CVE-2017-10887 | Untrusted Search Path vulnerability in Bookwalker Book Walker 1.2.5/1.2.9 Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 9.3 |
2017-11-15 | CVE-2017-11884 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel 2016 Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11882 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". | 9.3 |
2017-11-15 | CVE-2017-11854 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office, Office Compatibility Pack and Word Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". | 9.3 |