>> ARCHIVE: 2017-03

Microsoft Windows suffers from a uniscribe font processing heap-based memory corruption vulnerability around USP10!BuildFSM.

Microsoft Windows suffers from a uniscribe font processing buffer overflow vulnerability in USP10!FillAlternatesList.

Microsoft Windows suffers from uniscribe font processing heap-based out-of-bounds and wild read vulnerabilities.

Microsoft GDI+ suffers from an out-of-bounds read vulnerability in gdiplus!GetRECTSForPlayback.

The Microsoft Color Management module suffers from out-of-bounds read vulnerability in icm32!Fill_ushort_ELUTs_from_lut16Tag.

Microsoft Windows Uniscribe heap-based out-of-bounds read in USP10!ScriptApplyLogicalWidth, trigger via EMF.

Microsoft Windows Color Management library suffers from a crash vulnerability.

Microsoft Internet Explorer textarea.defaultValue suffers from a memory disclosure vulnerability.

QEMU suffers from a user-to-root privilege escalation vulnerability inside a VM due to bad translation caching.

SAP NetWeaver UMEADMIN versions 7.00 through 7.50 suffer from a flaw where an authenticated user, via web administration, can trigger directory creation anywhere where the SAP OS user has access.