An Information Disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver of Microsoft Windows. The vulnerability is due to the way Windows improperly handles objects in memory. An attacker could exploit this vulnerability to bypass security measures on the affected system allowing further exploitation.
Category Archives: Checkpoint
Checkpoint
Microsoft Office Memory Corruption (CVE-2017-0194)
An Out-of-Bounds-Write vulnerability exists in Microsoft Office. The vulnerability is due to a failure of Office software to properly handle objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
Microsoft Edge Memory Corruption (CVE-2017-0205)
A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.
Microsoft Outlook Remote Code Execution (CVE-2017-0199)
A remote code execution vulnerability exists in Microsoft Outlook. The vulnerability is due to the way that Microsoft Outlook parses specially crafted email messages. Successful exploitation of this vulnerability may result to take control of an affected system.
Microsoft Windows Kernel Information Disclosure (CVE-2017-0167)
An information disclosure vulnerability exists within Microsoft Windows. The vulnerability is caused when Microsoft Windows kernel improperly handles objects in memory. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel.
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)
A Use-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates the assignment of dynamic-array variables. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page.
Microsoft Edge Memory Corruption (CVE-2017-0200)
A type confusion memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user.
Microsoft ATMFD.dll Information Disclosure (CVE-2017-0192)
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll). The vulnerability is caused when the Adobe Type Manager Font Driver (ATMFD.dll) improperly handles objects in memory. An attacker can exploit this vulnerability by enticing a user to open a specially crafted document resulting in undesired information disclosure.
Microsoft Win32k Elevation of Privilege (CVE-2017-0189)
An elevation of privilege vulnerability exists in Windows. The vulnerability occurs when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode with full user rights.
Microsoft Windows Graphics Elevation of Privilege (CVE-2017-0155)
An elevation of privilege vulnerability exists in Windows Graphics Device Interface (GDI). The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted file.