CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2016-3230
https://notcve.org/view.php?id=CVE-2016-3230
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability." El componente Search en Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales provocar una denegación de servicio (degradación del rendimiento) a través de una aplicación manipulada, también conocida como "Windows Search Component Denial of Service Vulnerability." • http://www.securitytracker.com/id/1036102 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-082 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0190
https://notcve.org/view.php?id=CVE-2016-0190
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability." Volume Manager Driver en Microsoft Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT 8.1 no verifica correctamente si accesos a disco RemoteFX RDP USB fueron originados desde el usuario que montó un disco, lo que permite a usuarios locales leer archivos arbitrarios sobre estos discos a través de peticiones RemoteFX, también conocido como "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/90075 http://www.securitytracker.com/id/1035844 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2016-0171 – Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062)
https://notcve.org/view.php?id=CVE-2016-0171
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196. Los controladores del modo kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0173, CVE-2016-0174 y CVE-2016-0196. • https://www.exploit-db.com/exploits/39959 http://packetstormsecurity.com/files/137502/Windows-7-win32k-Bitmap-Use-After-Free.html http://www.securityfocus.com/bid/89860 http://www.securitytracker.com/id/1035841 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 92%CPEs: 10EXPL: 1CVE-2016-0168 – Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)
https://notcve.org/view.php?id=CVE-2016-0168
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. GDI en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos obtener información sensible a través de un documento manipulado, también conocido como "Windows Graphics Component Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-0169. gdi32.dll in Microsoft Windows suffers from information disclosure issues via the EMF CREATECOLORSPACEW record handling. • https://www.exploit-db.com/exploits/39832 http://packetstormsecurity.com/files/137094/Microsoft-Windows-gdi32.dll-Information-Disclosure.html http://www.securityfocus.com/bid/89862 http://www.securitytracker.com/id/1035823 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-0197
https://notcve.org/view.php?id=CVE-2016-0197
dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." dxgkrnl.sys en el subsistema kernel DirectX Graphics en los controladores de modo kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/90102 http://www.securitytracker.com/id/1035841 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062 • CWE-264: Permissions, Privileges, and Access Controls •