Skip to main content
CVE-2017-8759 HIGH POC KEV PATCH THREAT Act Now

Remote code execution in Microsoft .NET Framework versions 2.0 through 4.7 allows attackers to execute arbitrary code via malicious documents or applications. This vulnerability is confirmed actively exploited (CISA KEV) and carries an EPSS exploitation probability of 93.97% (100th percentile), indicating near-certain real-world targeting. Public exploit code is available from multiple sources including GitHub repositories. The attack requires local access and user interaction (opening a weaponized document), but no authentication, making it highly effective in phishing and watering hole campaigns.

Code Injection Microsoft RCE
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
94.0%
Threat
9.4
CVE-2017-8740 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.2%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2017-8729 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.2%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
78.2%
Threat
5.3
CVE-2017-8755 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 77.0%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
77.0%
Threat
5.3
CVE-2017-11764 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 76.7%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.7%
Threat
5.3
CVE-2017-8682 HIGH POC PATCH THREAT Act Now

Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 66.0%.

RCE Microsoft Office 2007 Office 2010 Office Word Viewer +7
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
66.0%
Threat
5.2
CVE-2017-8734 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 70.0%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
70.0%
Threat
5.1
CVE-2017-8731 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 61.7%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
61.7%
Threat
4.8
CVE-2017-8751 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 54.0%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
54.0%
Threat
4.6
CVE-2017-8742 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 36.5%.

Buffer Overflow RCE Microsoft Office Compatibility Pack Office Web Apps +5
NVD
CVSS 3.0
7.8
EPSS
36.5%
CVE-2017-8757 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 34.2%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
34.2%
CVE-2017-8737 HIGH PATCH Act Now

Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 34.2%.

Buffer Overflow RCE Microsoft Edge Windows 8 1 +2
NVD
CVSS 3.0
7.5
EPSS
34.2%
CVE-2017-8728 HIGH PATCH Act Now

Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 34.2%.

Buffer Overflow RCE Microsoft Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
7.5
EPSS
34.2%
CVE-2017-8743 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Office Online Server Powerpoint +1
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-8725 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Publisher
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-8567 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 32.4%.

Buffer Overflow RCE Microsoft Excel For Mac
NVD
CVSS 3.0
7.8
EPSS
32.4%
CVE-2017-8699 HIGH PATCH Act Now

Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Epss exploitation probability 30.6%.

RCE Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
30.6%
CVE-2017-2816 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libofx Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-8744 HIGH POC PATCH This Week

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Java Apache Brooklyn
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2017-8692 HIGH PATCH Act Now

The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 25.6%.

Buffer Overflow RCE Microsoft Windows 10 Windows Rt 8 1 +2
NVD
CVSS 3.0
7.5
EPSS
25.6%
CVE-2017-14405 HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Eyesofnetwork
NVD
CVSS 3.0
7.2
EPSS
6.9%
CVE-2017-8744 HIGH PATCH Act Now

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2017-8630 HIGH PATCH Act Now

Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Buffer Overflow RCE Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
22.8%
CVE-2017-6008 HIGH POC This Week

A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
2.8%
CVE-2017-14418 HIGH POC This Week

The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2017-8631 HIGH PATCH Act Now

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.4%.

Buffer Overflow RCE Microsoft Excel Excel Viewer +4
NVD
CVSS 3.1
7.8
EPSS
21.4%
CVE-2017-8660 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.2%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
8.8
EPSS
16.2%
CVE-2017-8750 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.0%.

Buffer Overflow RCE Microsoft Internet Explorer Edge
NVD
CVSS 3.0
7.5
EPSS
22.0%
CVE-2017-8748 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.0%.

Buffer Overflow RCE Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
22.0%
CVE-2017-8741 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.0%.

Buffer Overflow RCE Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
22.0%
CVE-2017-14428 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14427 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14426 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14425 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-14424 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Privilege Escalation Dir 850L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-7441 HIGH POC This Week

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Sophos Hitmanpro
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-8696 HIGH PATCH Act Now

Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.5%.

Buffer Overflow RCE Microsoft Live Meeting Lync +7
NVD
CVSS 3.0
7.5
EPSS
21.5%
CVE-2017-14430 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2017-8632 HIGH PATCH Act Now

A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.0%.

Buffer Overflow RCE Microsoft Excel Excel For Mac +2
NVD
CVSS 3.0
7.8
EPSS
19.0%
CVE-2017-8756 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-8753 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-8752 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-8749 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-8747 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-8738 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-11766 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.5%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
20.5%
CVE-2017-14422 HIGH POC This Week

D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-14404 HIGH POC This Week

The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Eyesofnetwork
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-14423 HIGH POC This Week

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure Dir 850L Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2017-0161 HIGH PATCH Act Now

The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.8%.

RCE Race Condition Microsoft Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.1
EPSS
16.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy