CVE-2016-0120 – Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)
https://notcve.org/view.php?id=CVE-2016-0120
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos causar una denegación de servicio (cuelgue del sistema) a través de una fuente OpenType manipulada, también conocida como "OpenType Font Parsing Vulnerability". There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file. • https://www.exploit-db.com/exploits/39561 http://www.securityfocus.com/bid/84071 http://www.securitytracker.com/id/1035198 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026 • CWE-20: Improper Input Validation •
CVE-2016-0094 – Microsoft Windows Kernel - Bitmap Use-After-Free
https://notcve.org/view.php?id=CVE-2016-0094
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. El driver kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0093, CVE-2016-0095 y CVE-2016-0096. • https://www.exploit-db.com/exploits/39647 http://www.securityfocus.com/bid/84066 http://www.securitytracker.com/id/1035212 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0093 – Microsoft Windows Kernel - 'NtGdiGetTextExtentExW' Out-of-Bounds Memory Read
https://notcve.org/view.php?id=CVE-2016-0093
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. El driver kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0094, CVE-2016-0095 y CVE-2016-0096. • https://www.exploit-db.com/exploits/39648 http://www.securityfocus.com/bid/84054 http://www.securitytracker.com/id/1035212 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0121 – Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
https://notcve.org/view.php?id=CVE-2016-0121
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de una fuente OpenType manipulada, también conocida como "OpenType Font Parsing Vulnerability". There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file. • https://www.exploit-db.com/exploits/39560 http://www.securityfocus.com/bid/84027 http://www.securitytracker.com/id/1035198 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026 • CWE-20: Improper Input Validation •
CVE-2016-0095 – Microsoft Windows CreateWindowStation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0095
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. El controlador kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability," una vulnerabilidad diferente a CVE-2016-0093, CVE-2016-0094 y CVE-2016-0096. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. • https://github.com/fengjixuchui/cve-2016-0095-x64 http://www.securityfocus.com/bid/84072 http://www.securitytracker.com/id/1035212 http://www.zerodayinitiative.com/advisories/ZDI-16-196 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034 • CWE-264: Permissions, Privileges, and Access Controls •