Skip to main content
CVE-2017-8464 HIGH POC KEV PATCH THREAT Act Now

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Microsoft RCE
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
93.9%
Threat
7.6
CVE-2017-8548 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 75.0%.

Buffer Overflow Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
75.0%
Threat
5.2
CVE-2017-8487 HIGH POC PATCH THREAT Act Now

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.3%.

RCE Microsoft Windows Server 2003 Windows Xp
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
69.3%
Threat
5.1
CVE-2017-0283 HIGH POC PATCH THREAT Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 56.0%.

RCE Microsoft Lync Office Office Word Viewer +8
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
56.0%
Threat
4.9
CVE-2017-8496 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 55.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
55.9%
Threat
4.7
CVE-2017-9675 HIGH POC THREAT Act Now

On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.9%.

D-Link Information Disclosure Dir 605l Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
30.9%
CVE-2017-8461 HIGH POC PATCH Act Now

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Windows Server 2003 Windows Xp
NVD
CVSS 3.1
7.8
EPSS
8.4%
CVE-2017-8510 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.4%.

RCE Microsoft Excel Office Word
NVD
CVSS 3.0
8.8
EPSS
36.4%
CVE-2017-8513 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 36.5%.

Buffer Overflow RCE Microsoft Powerpoint Sharepoint Server
NVD
CVSS 3.0
7.8
EPSS
36.5%
CVE-2017-8506 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 33.9%.

RCE Microsoft Outlook
NVD
CVSS 3.0
7.8
EPSS
33.9%
CVE-2017-8527 HIGH PATCH Act Now

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.8%.

Buffer Overflow RCE Microsoft Lync Office +9
NVD
CVSS 3.0
8.8
EPSS
28.8%
CVE-2017-8528 HIGH PATCH Act Now

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.8%.

Buffer Overflow RCE Microsoft Office Windows 7 +4
NVD
CVSS 3.0
8.8
EPSS
26.8%
CVE-2017-0294 HIGH PATCH Act Now

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.7%.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
28.7%
CVE-2017-0291 HIGH PATCH Act Now

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.7%.

RCE Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.8
EPSS
28.7%
CVE-2017-0292 HIGH PATCH Act Now

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.4%.

RCE Microsoft Word Windows 10 Windows 8 1 +3
NVD
CVSS 3.0
7.8
EPSS
28.4%
CVE-2017-0260 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 28.4%.

RCE Microsoft Office Windows 7 Windows Server 2008
NVD
CVSS 3.0
7.8
EPSS
28.4%
CVE-2017-9673 HIGH POC This Week

In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Simplece
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-8507 HIGH PATCH Act Now

A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft Outlook
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2017-8520 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.2%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-8499 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.2%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-8497 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.2%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-8549 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 15.9%.

Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
15.9%
CVE-2017-8521 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 15.9%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
15.9%
CVE-2017-8512 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +3
NVD
CVSS 3.0
8.8
EPSS
8.6%
CVE-2017-8524 HIGH PATCH Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8%.

Buffer Overflow RCE Microsoft Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
13.8%
CVE-2017-8522 HIGH PATCH Act Now

Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8%.

Buffer Overflow RCE Microsoft Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
13.8%
CVE-2017-8517 HIGH PATCH Act Now

Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.8%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
13.8%
CVE-2017-8547 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
13.5%
CVE-2017-8519 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
13.5%
CVE-2017-8509 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Office Office Compatibility Pack Office Web Apps +5
NVD
CVSS 3.0
8.8
EPSS
5.6%
CVE-2017-8465 HIGH PATCH This Week

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
7.8
EPSS
7.0%
CVE-2017-8511 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Office Office Online Server Office Web Apps +3
NVD
CVSS 3.0
7.8
EPSS
6.4%
CVE-2017-0193 HIGH PATCH This Week

Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-8466 HIGH PATCH This Week

Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2017-8468 HIGH PATCH This Week

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-0296 HIGH PATCH This Week

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-8552 HIGH PATCH This Week

A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2017-9670 HIGH PATCH This Week

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Denial Of Service Gnuplot
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-10395 HIGH This Week

In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Flexnet Publisher
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8460 HIGH PATCH This Week

Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2017-1379 HIGH PATCH This Week

IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7732 HIGH This Week

The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Avira Mobile Security
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-7629 HIGH This Week

QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-0298 HIGH PATCH This Week

A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
7.3
EPSS
0.9%
CVE-2017-8494 HIGH PATCH This Week

Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.3
EPSS
0.6%
CVE-2017-9606 HIGH This Week

Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vipnet Client Vipnet Coordinator
NVD GitHub
CVSS 3.0
7.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy