Multiple vulnerabilities in Microsoft Products (ESU)

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Windows Print Spooler can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely via specially crafted script to gain privileges.
3. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
4. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
5. A spoofing vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to spoof user interface.
6. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
7. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges.
8. An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
9. A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
10. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted application to obtain sensitive information.
11. A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.

Fiches de renseignement originales

• CVE-2016-3238

• CVE-2016-3239
• CVE-2016-3248
• CVE-2016-3252
• CVE-2016-3259
• CVE-2016-3286
• CVE-2016-3274
• CVE-2016-3264
• CVE-2016-3249
• CVE-2016-3204
• CVE-2016-3273
• CVE-2016-3245
• CVE-2016-3254
• CVE-2016-3251
• CVE-2016-3241
• CVE-2016-3240
• CVE-2016-3242

Exploitation

Public exploits exist for this vulnerability.

Produits associés

• Microsoft-Internet-Explorer
• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Windows-Vista
• Microsoft-Windows-Server-2012
• Microsoft-Windows-8
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10
• Microsoft-Edge

Liste CVE

• CVE-2016-3204
  critical
• CVE-2016-3248
  critical
• CVE-2016-3259
  critical
• CVE-2016-3264
  critical
• CVE-2016-3273
  high
• CVE-2016-3274
  warning
• CVE-2016-3240
  critical
• CVE-2016-3241
  critical
• CVE-2016-3242
  critical
• CVE-2016-3245
  high
• CVE-2016-3238
  critical
• CVE-2016-3239
  critical
• CVE-2016-3249
  high
• CVE-2016-3254
  critical
• CVE-2016-3286
  high
• CVE-2016-3252
  high
• CVE-2016-3251
  warning

Liste KB

• 3170455
• 3168965
• 4038779
• 4038777
• 3170106

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com