Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority.
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (with RPC initialization).
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6."
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.
The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges
The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082.
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.
All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025.
The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.
The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082.
The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082.
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges.
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges.
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability."