Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted embedded to execute arbitrary code.
- A remote code execution vulnerability in GDI+ can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in GDI+ can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in Internet Explorer can be exploited remotely to obtain sensitive information.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Microsoft Video Control can be exploited remotely via specially crafted file to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely to obtain sensitive information.
- An information disclosure vulnerability in GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An elevation of privilege vulnerability in Graphics Component Font Parsing can be exploited remotely via specially crafted application to gain privileges.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Первичный источник обнаружения
- CVE-2016-3396
CVE-2016-3393
CVE-2016-7211
CVE-2016-3209
CVE-2016-3298
CVE-2016-0070
CVE-2016-0142
CVE-2016-3382
CVE-2016-7185
CVE-2016-3270
CVE-2016-3385
CVE-2016-3391
CVE-2016-3262
CVE-2016-3263
CVE-2016-7182
CVE-2016-3376
CVE-2016-3267
CVE-2016-3266
CVE-2016-3384
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-.NET-Framework
- Microsoft-Silverlight
- Microsoft-Lync
- Skype-for-Windows
- Microsoft-Windows-Vista-2
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
Список CVE
- CVE-2016-3270 critical
- CVE-2016-3263 high
- CVE-2016-3209 high
- CVE-2016-3262 high
- CVE-2016-7182 critical
- CVE-2016-3396 critical
- CVE-2016-3393 critical
- CVE-2016-3298 high
- CVE-2016-3267 high
- CVE-2016-3391 high
- CVE-2016-3385 critical
- CVE-2016-3384 critical
- CVE-2016-3382 critical
- CVE-2016-3376 critical
- CVE-2016-3266 critical
- CVE-2016-0070 high
- CVE-2016-0142 critical
- CVE-2016-7211 high
- CVE-2016-7185 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!