Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Session Object can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows SMB Authenticated can be exploited remotely via specially crafted packets to cause denial of service.
- An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
Original advisories
- CVE-2016-3375
- CVE-2016-3297
- CVE-2016-3351
- CVE-2016-3353
- CVE-2016-3373
- CVE-2016-3368
- CVE-2016-3371
- CVE-2016-3372
- CVE-2016-3306
- CVE-2016-3345
- CVE-2016-3348
- CVE-2016-3354
- CVE-2016-3355
- CVE-2016-3305
- CVE-2016-3349
- CVE-2016-3370
- CVE-2016-3302
- CVE-2016-3374
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
CVE list
- CVE-2016-3370 high
- CVE-2016-3374 high
- CVE-2016-3324 critical
- CVE-2016-3375 critical
- CVE-2016-3297 critical
- CVE-2016-3351 high
- CVE-2016-3353 critical
- CVE-2016-3373 high
- CVE-2016-3368 critical
- CVE-2016-3371 high
- CVE-2016-3372 high
- CVE-2016-3306 critical
- CVE-2016-3345 critical
- CVE-2016-3348 critical
- CVE-2016-3349 critical
- CVE-2016-3302 high
- CVE-2016-3354 warning
- CVE-2016-3355 critical
- CVE-2016-3305 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!