The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows 2008 R0

computer vulnerability CVE-2016-3298

Internet Explorer: information disclosure via Microsoft Internet Messaging API

Synthesis of the vulnerability

An attacker can use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: 3196067, CERTFR-2016-AVI-340, CVE-2016-3298, MS16-126, VIGILANCE-VUL-20835.

Description of the vulnerability

The Internet Explorer product can use the Microsoft Internet Messaging API.

However, an attacker can bypass restrictions, to detect the presence of files on victim's system.

An attacker can therefore use a vulnerability via Microsoft Internet Messaging API of Internet Explorer, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-0070 CVE-2016-0073 CVE-2016-0075

Windows: four vulnerabilities via Windows Registry

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Windows Registry of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 12/10/2016.
Identifiers: 3193227, 871, 872, 873, 875, CERTFR-2016-AVI-340, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, MS16-124, VIGILANCE-VUL-20833.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-0070]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-0073]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-0075]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-0079]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2016-3266 CVE-2016-3341 CVE-2016-3376

Windows: five vulnerabilities via Kernel

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Kernel of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/10/2016.
Identifiers: 3192892, 876, 885, CERTFR-2016-AVI-340, CVE-2016-3266, CVE-2016-3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7211, MS16-123, VIGILANCE-VUL-20832.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3266]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3376]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-7185]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-7211]

An attacker can bypass security features via Windows Transaction Manager, in order to escalate his privileges. [severity:2/4; CVE-2016-3341]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-3209 CVE-2016-3262 CVE-2016-3263

Windows, .NET, Office, Skype, Lync, Silverlight: seven vulnerabilities via Graphics Component

Synthesis of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.
Impacted products: Lync, .NET Framework, Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, Silverlight, Skype for Business, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 12/10/2016.
Identifiers: 3192884, 825, 829, 864, 868, CERTFR-2016-AVI-340, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393, CVE-2016-3396, CVE-2016-7182, MS16-120, VIGILANCE-VUL-20829.

Description of the vulnerability

Several vulnerabilities were announced in Windows, .NET, Office, Skype, Lync and Silverlight.

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3393]

An attacker can use a vulnerability via GDI+, in order to run code. [severity:4/4; CVE-2016-3396]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3209]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3262]

An attacker can bypass security features via GDI+, in order to obtain sensitive information. [severity:2/4; CVE-2016-3263]

An attacker can bypass security features via True Type Font, in order to escalate his privileges. [severity:2/4; CVE-2016-7182]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3270]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-3305 CVE-2016-3306 CVE-2016-3371

Windows: five vulnerabilities via Kernel

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Kernel of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 5.
Creation date: 13/09/2016.
Revision date: 26/09/2016.
Identifiers: 3186973, 865, 870, CERTFR-2016-AVI-310, CVE-2016-3305, CVE-2016-3306, CVE-2016-3371, CVE-2016-3372, CVE-2016-3373, MS16-111, VIGILANCE-VUL-20596.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Session Object, in order to escalate his privileges. [severity:2/4; CVE-2016-3305]

An attacker can bypass security features via Session Object, in order to escalate his privileges. [severity:2/4; CVE-2016-3306]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3371]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3372]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-3373]
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 20602

ASP.NET Core MVC: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of ASP.NET Core MVC, in order to escalate his privileges.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 13/09/2016.
Identifiers: 3181759, VIGILANCE-VUL-20602.

Description of the vulnerability

An attacker can bypass restrictions of ASP.NET Core MVC, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-3375

Windows: memory corruption via VBScript Scripting Engine

Synthesis of the vulnerability

An attacker can generate a memory corruption via VBScript Scripting Engine of Windows, in order to trigger a denial of service, and possibly to run code.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 13/09/2016.
Identifiers: 3188724, CERTFR-2016-AVI-310, CVE-2016-3375, MS16-116, VIGILANCE-VUL-20601.

Description of the vulnerability

An attacker can generate a memory corruption via VBScript Scripting Engine of Windows, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-3345

Windows: code execution via SMBv1

Synthesis of the vulnerability

An authenticated attacker can send a malicious SMBv1 packet to Windows, in order to run code on the server.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 13/09/2016.
Identifiers: 3185879, CERTFR-2016-AVI-310, CVE-2016-3345, MS16-114, VIGILANCE-VUL-20599.

Description of the vulnerability

The Windows product offers a SMB file sharing service.

However, a special SMBv1 packet in an authenticated session leads to code execution.

An authenticated attacker can therefore send a malicious SMBv1 packet to Windows, in order to run code on the server.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-3346 CVE-2016-3352 CVE-2016-3368

Windows: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/09/2016.
Identifiers: 3178467, CERTFR-2016-AVI-310, CVE-2016-3346, CVE-2016-3352, CVE-2016-3368, CVE-2016-3369, MS16-110, VIGILANCE-VUL-20595.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via DLL, in order to escalate his privileges. [severity:2/4; CVE-2016-3346]

An attacker can bypass security features via NTLM SSO, in order to obtain sensitive information. [severity:2/4; CVE-2016-3352]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-3368]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-3369]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-3348 CVE-2016-3349 CVE-2016-3354

Windows: five vulnerabilities via Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Graphics Component of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 13/09/2016.
Identifiers: 3185848, CERTFR-2016-AVI-310, CVE-2016-3348, CVE-2016-3349, CVE-2016-3354, CVE-2016-3355, CVE-2016-3356, MS16-106, VIGILANCE-VUL-20591, ZDI-16-507.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3348]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-3349]

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-3354, ZDI-16-507]

An attacker can bypass security features via GDI, in order to escalate his privileges. [severity:2/4; CVE-2016-3355]

An attacker can generate a memory corruption via GDI, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-3356]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Windows 2008 R0: