CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2016-0095 – Microsoft Windows CreateWindowStation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0095
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. El controlador kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability," una vulnerabilidad diferente a CVE-2016-0093, CVE-2016-0094 y CVE-2016-0096. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CreateWindowStation. The issue lies in the failure to check for NULL before dereferencing a pointer. • http://www.securityfocus.com/bid/84072 http://www.securitytracker.com/id/1035212 http://www.zerodayinitiative.com/advisories/ZDI-16-196 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-034 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 8%CPEs: 10EXPL: 1CVE-2016-0120 – Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)
https://notcve.org/view.php?id=CVE-2016-0120
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." Adobe Type Manager Library en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos causar una denegación de servicio (cuelgue del sistema) a través de una fuente OpenType manipulada, también conocida como "OpenType Font Parsing Vulnerability". There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file. • https://www.exploit-db.com/exploits/39561 http://www.securityfocus.com/bid/84071 http://www.securitytracker.com/id/1035198 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-026 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 90%CPEs: 10EXPL: 0CVE-2016-0091 – Microsoft Windows OleLoadPicture Bitmap Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0091
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092. OLE en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado, también conocida como "Windows OLE Memory Remote Code Execution Vulnerability", una vulnerabilidad diferente a CVE-2016-0092. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OleLoadPicture function. User-supplied data is used to calculate a buffer length for allocation, and if the image is a bitmap, the function can then write beyond the buffer boundary. • http://www.securityfocus.com/bid/83944 http://www.securitytracker.com/id/1035208 http://www.zerodayinitiative.com/advisories/ZDI-16-182 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-030 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 90%CPEs: 10EXPL: 0CVE-2016-0092 – Microsoft Windows OleLoadPicture Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0092
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091. OLE en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado, también conocida como "Windows OLE Memory Remote Code Execution Vulnerability", una vulnerabilidad diferente a CVE-2016-0091. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the OleLoadPicture function. User-supplied data is used to calculate a buffer length for allocation and the function can then write beyond the buffer boundary. • http://www.securityfocus.com/bid/84125 http://www.securitytracker.com/id/1035208 http://www.zerodayinitiative.com/advisories/ZDI-16-181 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-030 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 91%CPEs: 12EXPL: 2CVE-2016-0041 – Office OLE Multiple DLL Side Loading Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-0041
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 10 y 11 no manejan adecuadamente la carga DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "DLL Loading Remote Code Execution Vulnerability". • https://www.exploit-db.com/exploits/41706 http://seclists.org/fulldisclosure/2016/Feb/49 http://www.securitytracker.com/id/1034971 http://www.securitytracker.com/id/1034985 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 https://www.securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html https://securify.nl/advisory/SFY20150801/com__services_dll_side •