SynopsisThe remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is missing security update 4014329. It is, therefore, affected by multiple vulnerabilities :
- A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2017-2997)
- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2017-2998, CVE-2017-2999)
- An unspecified flaw exists in the random number generator used for constant binding that allows an attacker to disclose sensitive information.
- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003)
SolutionMicrosoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.