CVE-2016-7386 – NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace
https://notcve.org/view.php?id=CVE-2016-7386
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.
• https://www.exploit-db.com/exploits/40656 http://nvidia.custhelp.com/app/answers/detail/a_id/4247 http://www.securityfocus.com/bid/93982 https://support.lenovo.com/us/en/solutions/LEN-10822
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7390 – NVIDIA Driver - No Bounds Checking in Escape 0x7000194
https://notcve.org/view.php?id=CVE-2016-7390
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
• https://www.exploit-db.com/exploits/40658 http://nvidia.custhelp.com/app/answers/detail/a_id/4247 http://www.securityfocus.com/bid/93984 https://support.lenovo.com/us/en/solutions/LEN-10822
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-7384 – NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-7384
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where unchecked input/output lengths in UVMLiteController Device IO Control handling may lead to denial of service or potential escalation of privileges.
• https://www.exploit-db.com/exploits/40655 http://nvidia.custhelp.com/app/answers/detail/a_id/4247 http://www.securityfocus.com/bid/93983 https://support.lenovo.com/us/en/solutions/LEN-10822
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-7185 – Microsoft Windows - DFS Client Driver Arbitrary Drive Mapping Privilege Escalation (MS16-123)
https://notcve.org/view.php?id=CVE-2016-7185
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7211. ... The Windows DFS Client driver, which runs by default, insecurely creates and deletes drive letter symbolic links in the current user context, leading to elevation of privilege.
• https://www.exploit-db.com/exploits/40572 http://www.securityfocus.com/bid/93389 http://www.securitytracker.com/id/1036996 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2016-3238
https://notcve.org/view.php?id=CVE-2016-3238
The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."
• https://github.com/pyiesone/CVE-2016-3238-PoC http://www.securityfocus.com/bid/91609 http://www.securitytracker.com/id/1036277 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-087
• CWE-254: 7PK - Security Features