CVSS: 9.3EPSS: 25%CPEs: 5EXPL: 0CVE-2016-0179
https://notcve.org/view.php?id=CVE-2016-0179
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability." Windows Shell en Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocido como "Windows Shell Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/89868 http://www.securitytracker.com/id/1035825 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-057 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 92%CPEs: 10EXPL: 1CVE-2016-0169 – Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)
https://notcve.org/view.php?id=CVE-2016-0169
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. GDI en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos obtener información sensible a través de un documento manipulado, también conocido como "Windows Graphics Component Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-0168. gdi32.dll in Microsoft Windows suffers from a denial of service issue due to an attacker controlling the Size argument in the gdi32!GdiComment() function. • https://www.exploit-db.com/exploits/39833 http://packetstormsecurity.com/files/137095/Microsoft-Windows-gdi32.dll-Data-Copy.html http://www.securityfocus.com/bid/89863 http://www.securitytracker.com/id/1035823 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-055 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 4%CPEs: 10EXPL: 0CVE-2016-0178
https://notcve.org/view.php?id=CVE-2016-0178
The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability." El RPC NDR Engine en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 no maneja correctamente operaciones de liberación, lo que permite a atacantes remotos ejecutar código arbitrario a través de peticiones RPC mal formadas, también conocido como "RPC Network Data Representation Engine Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/90032 http://www.securitytracker.com/id/1035837 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-061 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 51%CPEs: 6EXPL: 0CVE-2016-0182
https://notcve.org/view.php?id=CVE-2016-0182
Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability." Windows Journal en Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de un archivo Journal (también conocido como .jnt) manipulado, también conocido como "Windows Journal Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/89867 http://www.securitytracker.com/id/1035824 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-056 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1225 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 37%CPEs: 11EXPL: 1CVE-2016-0170 – Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
https://notcve.org/view.php?id=CVE-2016-0170
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." GDI en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como "Windows Graphics Component RCE Vulnerability". gdi32.dll in Microsoft Windows suffers from a heap-based buffer overflow in ExtEscape(). • https://www.exploit-db.com/exploits/39834 http://packetstormsecurity.com/files/137096/Microsoft-Windows-gdi32.dll-ExtEscape-Buffer-Overflow.html http://www.securityfocus.com/bid/89864 http://www.securitytracker.com/id/1035823 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-055 • CWE-284: Improper Access Control •