CVE-2016-0189 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2016-0189
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. Los motores Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, según se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-0187. The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. • https://www.exploit-db.com/exploits/40118 http://www.securityfocus.com/bid/90012 http://www.securitytracker.com/id/1035820 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053 https://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189 • CWE-787: Out-of-bounds Write •
CVE-2016-0162 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-0162
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos determinar la existencia de archivos a través código JavaScript manipulado, también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. • http://www.securityfocus.com/bid/85939 http://www.securitytracker.com/id/1035521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-037 •
CVE-2016-0151 – Microsoft Windows CSRSS Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2016-0151
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." El Client-Server Run-time Subsystem (CSRSS) en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 gestiona incorrectamente los tokens de proceso, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Windows CSRSS Security Feature Bypass Vulnerability". The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results on a new process in session 0 which can be abused to elevate privileges. The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. • https://www.exploit-db.com/exploits/39740 http://www.securitytracker.com/id/1035544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048 •
CVE-2016-0167 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0167
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. El controlador kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Win32k Elevation of Privilege Vulnerability", una vulnerabilidad diferente a CVE-2016-0143 y CVE-2016-0165. Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application • http://www.securitytracker.com/id/1035529 http://www.securitytracker.com/id/1035532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039 •
CVE-2016-0099 – Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0099
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." El Secondary Logon Service en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold y 1511 no procesa correctamente los manejadores de petición, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "Secondary Logon Elevation of Privilege Vulnerability". The SecLogon service does not sanitize standard handles when creating a new process leading to duplicating a system service thread pool handle into a user accessible process. This can be used to elevate privileges to Local System. A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. • https://www.exploit-db.com/exploits/39809 https://www.exploit-db.com/exploits/40107 https://www.exploit-db.com/exploits/39719 https://www.exploit-db.com/exploits/39574 http://www.securityfocus.com/bid/84034 http://www.securitytracker.com/id/1035210 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •