Описание
Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Windows can be exploited remotely via specially crafted request to execute arbitrary code.
- An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
- An elevation of privilege vulnerability in Windows Session Object can be exploited remotely via specially crafted application to gain privileges.
- A remote code execution vulnerability in Windows SMB Authenticated can be exploited remotely via specially crafted packets to cause denial of service.
- An elevation of privilege vulnerability in Windows GDI can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Internet Explorer can be exploited remotely via specially crafted website to execute arbitrary code.
- A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
- An information disclosure vulnerability in GDI+ can be exploited remotely via specially crafted application to obtain sensitive information.
- An information disclosure vulnerability in Microsoft Browser can be exploited remotely via specially crafted content to obtain sensitive information.
- An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
- A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
- An elevation of privilege vulnerability in Windows Kernel Local can be exploited remotely via specially crafted application to gain privileges.
- A security feature bypass vulnerability in Internet Explorer can be exploited remotely via specially crafted to bypass security restrictions.
Первичный источник обнаружения
- CVE-2016-3368
CVE-2016-3371
CVE-2016-3305
CVE-2016-3306
CVE-2016-3345
CVE-2016-3355
CVE-2016-3324
CVE-2016-3375
CVE-2016-3354
CVE-2016-3351
CVE-2016-3372
CVE-2016-3348
CVE-2016-3297
CVE-2016-3373
CVE-2016-3353
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Internet-Explorer
- Microsoft-Windows
- Microsoft-Windows-Server
- Microsoft-Windows-Vista-2
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Windows-RT
- Microsoft-Windows-10
- Microsoft-Edge
Список CVE
- CVE-2016-3324 critical
- CVE-2016-3375 critical
- CVE-2016-3297 critical
- CVE-2016-3351 warning
- CVE-2016-3353 critical
- CVE-2016-3373 high
- CVE-2016-3368 critical
- CVE-2016-3371 high
- CVE-2016-3372 high
- CVE-2016-3306 critical
- CVE-2016-3345 critical
- CVE-2016-3348 critical
- CVE-2016-3354 warning
- CVE-2016-3355 critical
- CVE-2016-3305 critical
Список KB
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!