A vulnerability in Microsoft Windows could allow a remote attacker to gain access to sensitive information. The flaw lies in the gdi32.dll in Graphics Device Interface and can be exploited via a crafted EMF file. Proof-of-concept code was released by Google on February 14, 2017.
Adobe Flash Player 220.127.116.11 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
A vulnerability in Microsoft Edge could result in the execution of arbitrary code or a denial of service. The flaw lies in the scripting engines and could be exploited by a crafted web site. Proof-of-concept code was released by Google on February 9, 2017.