CVSS: 4.3EPSS: 7%CPEs: 11EXPL: 0CVE-2016-0008
https://notcve.org/view.php?id=CVE-2016-0008
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability." La interfaz de dispositivo gráfico en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1 permite a atacantes remotos eludir el mecanismo de protección ASLR a través de vectores no especificados, también conocido como "Windows GDI32.dll ASLR Bypass Vulnerability". • http://www.securitytracker.com/id/1034654 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-005 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1216 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 1CVE-2016-0006 – Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008)
https://notcve.org/view.php?id=CVE-2016-0006
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. La implementación de la sandbox en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 no maneja adecuadamente los puntos reanalizados, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "Windows Mount Point Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0007. The fix for CVE-2015-2553 can be bypassed to get limited mount reparse points working again for sandbox attacks. • https://www.exploit-db.com/exploits/39311 http://www.securityfocus.com/bid/79882 http://www.securitytracker.com/id/1034645 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-008 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0014 – Microsoft IExpress DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-0014
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 no manejan adecuadamente la carga de DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "DLL Loading Elevation of Privilege Vulnerability". Microsoft IExpress suffers from a DLL hijacking vulnerability. • http://www.securitytracker.com/id/1034661 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 60%CPEs: 13EXPL: 2CVE-2016-0016 – Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)
https://notcve.org/view.php?id=CVE-2016-0016
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 no manejan adecuadamente la carga de DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "DLL Loading Remote Code Execution Vulnerability". It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. • https://www.exploit-db.com/exploits/39233 http://www.securitytracker.com/id/1034661 https://code.google.com/p/google-security-research/issues/detail?id=555 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007 • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 1CVE-2015-6174 – win32k Desktop and Clipboard - Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2015-6174
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173. El kernel en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Windows Kernel Memory Elevation of Privilege Vulnerability', una vulnerabilidad diferente a CVE-2015-6171 y CVE-2015-6173. • https://www.exploit-db.com/exploits/39026 http://www.securitytracker.com/id/1034334 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-135 • CWE-264: Permissions, Privileges, and Access Controls •