Description
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Session Object can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows SMB Authenticated can be exploited remotely via specially crafted packets to cause denial of service.
- An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
Original advisories
- CVE-2016-3371
- CVE-2016-3305
- CVE-2016-3306
- CVE-2016-3345
- CVE-2016-3355
- CVE-2016-3324
- CVE-2016-3375
- CVE-2016-3354
- CVE-2016-3351
- CVE-2016-3372
- CVE-2016-3348
- CVE-2016-3297
- CVE-2016-3373
- CVE-2016-3353
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Vista-4
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
CVE list
- CVE-2016-3324 critical
- CVE-2016-3375 critical
- CVE-2016-3297 critical
- CVE-2016-3351 warning
- CVE-2016-3353 critical
- CVE-2016-3373 high
- CVE-2016-3368 critical
- CVE-2016-3371 high
- CVE-2016-3372 high
- CVE-2016-3306 critical
- CVE-2016-3345 critical
- CVE-2016-3348 critical
- CVE-2016-3354 warning
- CVE-2016-3355 critical
- CVE-2016-3305 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!