Vulnerabilities > Microsoft > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-03-17 CVE-2017-0049 Information Exposure vulnerability in Microsoft Internet Explorer 11
The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037.
network
low complexity
microsoft CWE-200
4.3
2017-03-17 CVE-2017-0045 Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
local
low complexity
microsoft CWE-352
5.5
2017-03-17 CVE-2017-0043 Information Exposure vulnerability in Microsoft products
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."
high complexity
microsoft CWE-200
5.3
2017-03-17 CVE-2017-0033 Improper Input Validation vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.
network
low complexity
microsoft CWE-20
4.3
2017-03-17 CVE-2017-0029 Unspecified vulnerability in Microsoft Office and Word
Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
local
low complexity
microsoft
5.5
2017-03-17 CVE-2017-0027 Information Exposure vulnerability in Microsoft Excel, Office Compatibility Pack and Sharepoint Server
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
local
high complexity
microsoft CWE-200
4.7
2017-03-17 CVE-2017-0022 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-119
6.5
2017-03-17 CVE-2017-0017 Cross-site Scripting vulnerability in Microsoft Edge
The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068.
network
low complexity
microsoft CWE-79
6.1
2017-03-17 CVE-2017-0016 NULL Pointer Dereference vulnerability in Microsoft products
Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."
network
high complexity
microsoft CWE-476
5.9
2017-03-17 CVE-2017-0012 Improper Input Validation vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.
network
low complexity
microsoft CWE-20
4.3