CVSS: 5.5EPSS: 97%CPEs: 12EXPL: 2CVE-2017-0038 – Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap Out-of-Bounds Reads / Memory Disclosure
https://notcve.org/view.php?id=CVE-2017-0038
gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. gdi32.dll en Graphics Device Interface (GDI) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos obtener información sensible de la memoria dinámica de proceso a través de un archivo EMF manipulado, como demostrado por un registro EMR_SETDIBITSTODEVICE con dimensiones Device Independent Bitmap (DIB) modificadas. NOTA: esta vulenrabilidad existe por un arreglo incompleto de la CVE-2016-3216, CVE-2016-3219 y/o CVE-2016-3220. • https://www.exploit-db.com/exploits/41363 https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS http://www.securityfocus.com/bid/96023 http://www.securitytracker.com/id/1037845 https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html https://bugs.chromium.org/p/project-zero/issues/detail?id=992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7292
https://notcve.org/view.php?id=CVE-2016-7292
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." El Installer en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607y Windows Server 2016 no maneja adecuadamente la carga de la librería, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Installer Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/94768 http://www.securitytracker.com/id/1037450 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-149 • CWE-19: Data Processing Errors •
CVSS: 9.3EPSS: 43%CPEs: 12EXPL: 1CVE-2016-7274 – Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2016-7274
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." Uniscribe en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Windows Uniscribe Remote Code Execution Vulnerability". Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability. • https://www.exploit-db.com/exploits/41615 http://www.securityfocus.com/bid/94758 http://www.securitytracker.com/id/1037440 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147 • CWE-19: Data Processing Errors •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7260
https://notcve.org/view.php?id=CVE-2016-7260
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." Los controladores del modo kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511, y 1607 y Windows Server 2016 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Win32k Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/94785 http://www.securitytracker.com/id/1037452 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-151 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7219
https://notcve.org/view.php?id=CVE-2016-7219
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." El controlador Crypto en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios locales obtener información sensible a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Crypto Driver Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94764 http://www.securitytracker.com/id/1037450 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-149 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •