Skip to main content
CVE-2017-0144 HIGH POC KEV EUVD KEV PATCH THREAT Act Now

Remote code execution in Microsoft SMBv1 allows authenticated network attackers to execute arbitrary code on Windows systems via crafted packets. This vulnerability (part of the MS17-010 bulletin and known as 'EternalBlue') is confirmed actively exploited (CISA KEV) with EPSS score of 94.32%, indicating near-certain exploitation probability. Widely weaponized in 2017 WannaCry and NotPetya ransomware campaigns. Affects Windows Vista through Windows 10 1607 and Windows Server 2008-2016, plus Siemens medical imaging systems running vulnerable Windows embedded OS. Multiple public exploits available including DOUBLEPULSAR payload delivery framework.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.3%
Threat
9.6
CVE-2017-0143 HIGH POC KEV PATCH THREAT Act Now

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.0%
Threat
7.6
CVE-2017-0146 HIGH POC KEV PATCH THREAT Act Now

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
93.3%
Threat
7.6
CVE-2017-0145 HIGH POC KEV PATCH THREAT Act Now

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
93.3%
Threat
7.6
CVE-2017-0148 HIGH POC KEV PATCH THREAT Act Now

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
94.1%
Threat
7.4
CVE-2017-0147 HIGH POC KEV PATCH THREAT Act Now

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
92.4%
Threat
7.3
CVE-2017-3881 CRITICAL POC KEV THREAT Emergency

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Cisco HP RCE Apple
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2017-0101 HIGH POC KEV PATCH THREAT Act Now

The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Microsoft
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
67.2%
Threat
6.6
CVE-2017-0059 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
83.9%
Threat
6.4
CVE-2015-3884 HIGH POC THREAT Act Now

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.9%.

RCE File Upload Qdpm
NVD
CVSS 3.1
8.8
EPSS
72.9%
Threat
5.4
CVE-2017-0022 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Information Disclosure Microsoft
NVD
CVSS 3.1
6.5
EPSS
44.1%
Threat
5.6
CVE-2017-0070 HIGH POC PATCH THREAT Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 84.9%.

Memory Corruption Microsoft Use After Free RCE Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
84.9%
Threat
5.5
CVE-2017-0089 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.2%.

Windows Server 2008 Windows Vista Buffer Overflow RCE Microsoft +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
75.2%
Threat
5.5
CVE-2017-0149 HIGH KEV PATCH THREAT Act Now

Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 41.5%.

Buffer Overflow Memory Corruption Denial Of Service RCE Microsoft
NVD
CVSS 3.1
8.8
EPSS
41.5%
Threat
4.5
CVE-2017-0001 HIGH POC KEV PATCH THREAT Act Now

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.8
EPSS
25.4%
Threat
5.3
CVE-2017-0005 HIGH POC KEV PATCH THREAT Act Now

Windows GDI (Graphics Device Interface) allows local privilege escalation through improper memory handling, attributed to the Zirconium APT group and exploited alongside browser zero-days in targeted campaigns.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
8.0%
Threat
6.8
CVE-2017-0100 HIGH POC PATCH THREAT Act Now

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 50.3%.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
50.3%
Threat
4.6
CVE-2017-0108 HIGH POC PATCH THREAT Act Now

The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
36.7%
Threat
4.2
CVE-2017-0141 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 51.6%.

RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
51.6%
CVE-2017-0090 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.0%
Threat
4.0
CVE-2017-0088 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.0%
Threat
4.0
CVE-2017-0087 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.0%
Threat
4.0
CVE-2017-0086 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.0%
Threat
4.0
CVE-2017-0083 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
24.0%
Threat
4.0
CVE-2017-0084 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

Buffer Overflow RCE Microsoft Windows 10 Windows 7 +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
23.2%
Threat
4.0
CVE-2014-8722 HIGH POC THREAT Act Now

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.3%.

Information Disclosure Getsimple Cms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
27.3%
CVE-2017-0072 HIGH POC PATCH THREAT Act Now

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008 +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
16.9%
CVE-2017-0016 MEDIUM PATCH This Month

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 49.2%.

Null Pointer Dereference Denial Of Service Microsoft RCE Windows 10 +4
NVD
CVSS 3.0
5.9
EPSS
49.2%
CVE-2017-0104 HIGH PATCH Act Now

The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 34.9%.

Integer Overflow Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 +1
NVD
CVSS 3.0
8.1
EPSS
34.9%
CVE-2017-6880 CRITICAL POC Act Now

Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Cerberus Ftp Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.5%
CVE-2014-8708 CRITICAL POC Act Now

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Pluck
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2017-0105 MEDIUM PATCH This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.2%.

Microsoft Information Disclosure Office Office Compatibility Pack Office Web Apps +4
NVD
CVSS 3.0
5.5
EPSS
43.2%
CVE-2017-0063 MEDIUM POC PATCH THREAT This Month

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
16.3%
CVE-2017-0030 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.1%.

Buffer Overflow RCE Microsoft Denial Of Service Office +4
NVD
CVSS 3.0
7.8
EPSS
28.1%
CVE-2017-6969 CRITICAL POC Act Now

readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2017-0052 HIGH PATCH Act Now

Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.2%.

Buffer Overflow RCE Microsoft Denial Of Service Excel +3
NVD
CVSS 3.0
7.8
EPSS
26.2%
CVE-2017-0006 HIGH PATCH Act Now

Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.2%.

Buffer Overflow RCE Microsoft Denial Of Service Excel +3
NVD
CVSS 3.0
7.8
EPSS
26.2%
CVE-2017-0061 MEDIUM POC PATCH THREAT This Month

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 18.5%.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
18.5%
CVE-2017-0134 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 26.1%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
26.1%
CVE-2017-0071 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 26.1%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
26.1%
CVE-2017-0015 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 26.1%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
26.1%
CVE-2017-0010 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.1%.

RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
25.1%
CVE-2017-0053 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Buffer Overflow RCE Microsoft Denial Of Service Office +3
NVD
CVSS 3.0
7.8
EPSS
23.5%
CVE-2017-0133 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2017-0094 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2017-0014 HIGH PATCH Act Now

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.8%.

RCE Microsoft Office Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.5
EPSS
23.8%
CVE-2017-0034 HIGH PATCH Act Now

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
23.6%
CVE-2017-0031 HIGH PATCH Act Now

Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.9%.

Buffer Overflow RCE Microsoft Denial Of Service Office +2
NVD
CVSS 3.0
7.8
EPSS
21.9%
CVE-2017-0020 HIGH PATCH Act Now

Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.7%.

Buffer Overflow RCE Microsoft Denial Of Service Excel +1
NVD
CVSS 3.0
7.8
EPSS
21.7%
CVE-2017-0023 HIGH PATCH Act Now

The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.4%.

Buffer Overflow RCE Microsoft Edge Windows 10 +3
NVD
CVSS 3.0
7.5
EPSS
22.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy