
CVSS: 6.9 | EPSS: 0% | CPEs: 11 | EXPL: 0

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability."

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of fonts. The issue lies in the failure to remove references to a font after freeing associated resources.

• http://www.securityfocus.com/bid/90027
• http://www.securitytracker.com/id/1035841
• http://www.zerodayinitiative.com/advisories/ZDI-16-281
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 | EPSS: 0% | CPEs: 10 | EXPL: 1

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how win32kfull.sys handles reference counting of Surface objects. An attacker can leverage this vulnerability to escalate privileges and execute code with kernel privileges.

• https://www.exploit-db.com/exploits/39960
• http://packetstormsecurity.com/files/137503/Windows-7-win32k-Bitmap-Use-After-Free.html
• http://www.securityfocus.com/bid/90064
• http://www.securitytracker.com/id/1035841
• http://www.zerodayinitiative.com/advisories/ZDI-16-279
• https://bugs.chromium.org/p/project-zero/issues/detail?id=747
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of the DirtyRegions structure. A buffer overflow vulnerability occurs when NumRects is larger than D3DKMT_MAX_PRESENT_HISTORY_RECTS. An attacker can leverage this vulnerability to escalate privileges and execute code under the context of SYSTEM.

• http://www.securityfocus.com/bid/90052
• http://www.securitytracker.com/id/1035841
• http://www.zerodayinitiative.com/advisories/ZDI-16-284
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174.

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Window objects. The issue lies in the failure to increment a reference counter prior to calling userland code.

• http://www.securityfocus.com/bid/90101
• http://www.securitytracker.com/id/1035841
• http://www.zerodayinitiative.com/advisories/ZDI-16-278
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-062
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 76% | CPEs: 6 | EXPL: 1

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results in a new process in session 0 that can be abused to elevate privileges. The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows mismanages process tokens, which allows local users to gain privileges via a crafted application.

• https://www.exploit-db.com/exploits/39740
• http://www.securitytracker.com/id/1035544
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048