CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-3320
https://notcve.org/view.php?id=CVE-2016-3320
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 permiten a atacantes eludir el mecanismo de protección Secure Boot aprovechando el acceso (1) administrativo o (2) físico para instalar un gestor boot manipulado, también conocida como "Secure Boot Security Feature Bypass". • http://www.securityfocus.com/bid/92304 http://www.securitytracker.com/id/1036573 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-100 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVB6Y2TVKSOBTIIBRUAJUIH3LQHMHCAG • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2016-3308 – Microsoft Windows xxxInsertMenuItem Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3308
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3309, CVE-2016-3310, and CVE-2016-3311. Los controladores modo kernel en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-3309, CVE-2016-3310 y CVE-2016-3311. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of menu items. The issue lies in the failure to account for a special case in which there is ambiguity as to whether a specified menu item resides on a menu or on a submenu. • https://github.com/55-AA/CVE-2016-3308 http://www.securityfocus.com/bid/92295 http://www.securitytracker.com/id/1036572 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2016-3309 – Microsoft Windows Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3309
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311. Los controladores modo kernel en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-3308, CVE-2016-3310 y CVE-2016-3311. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RGNOBJ objects. An integer overflow vulnerability occurs when an attacker combines rectangles with special coordinates. • https://www.exploit-db.com/exploits/42960 http://www.securityfocus.com/bid/92297 http://www.securitytracker.com/id/1036572 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3249
https://notcve.org/view.php?id=CVE-2016-3249
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3252, CVE-2016-3254, and CVE-2016-3286. Los controladores del modo kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocidq como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-3252, CVE-2016-3254, y CVE-2016-3286. • http://www.securityfocus.com/bid/91597 http://www.securitytracker.com/id/1036288 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-090 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 10EXPL: 0CVE-2016-3286
https://notcve.org/view.php?id=CVE-2016-3286
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3254. Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales eludir el mecanismo de protección Secure Boot aprovechando el acceso administrativo para instalar una política manipulada, también conocido como "Secure Boot Security Feature Bypass". • http://www.securityfocus.com/bid/91616 http://www.securitytracker.com/id/1036288 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-090 • CWE-264: Permissions, Privileges, and Access Controls •