Description
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Session Object can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows SMB Authenticated can be exploited remotely via specially crafted packets to cause denial of service.
- An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
Fiches de renseignement originales
- CVE-2016-3375
- CVE-2016-3297
- CVE-2016-3351
- CVE-2016-3353
- CVE-2016-3373
- CVE-2016-3368
- CVE-2016-3371
- CVE-2016-3372
- CVE-2016-3306
- CVE-2016-3345
- CVE-2016-3348
- CVE-2016-3354
- CVE-2016-3355
- CVE-2016-3305
- CVE-2016-3349
- CVE-2016-3370
- CVE-2016-3302
- CVE-2016-3374
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Produits associés
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Server-2012
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
Liste CVE
- CVE-2016-3370 high
- CVE-2016-3374 high
- CVE-2016-3324 critical
- CVE-2016-3375 critical
- CVE-2016-3297 critical
- CVE-2016-3351 high
- CVE-2016-3353 critical
- CVE-2016-3373 high
- CVE-2016-3368 critical
- CVE-2016-3371 high
- CVE-2016-3372 high
- CVE-2016-3306 critical
- CVE-2016-3345 critical
- CVE-2016-3348 critical
- CVE-2016-3349 critical
- CVE-2016-3302 high
- CVE-2016-3354 warning
- CVE-2016-3355 critical
- CVE-2016-3305 critical
Liste KB
En savoir plus
Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !