The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows 2012

computer vulnerability alert CVE-2014-0282 CVE-2014-1762 CVE-2014-1764

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/06/2014.
Revision date: 20/12/2016.
Identifiers: 2969262, CERTFR-2014-AVI-266, CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2777, CVE-2014-2782, MS14-035, VIGILANCE-VUL-14876, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can use a TLS Certificate Renegotiation, in order to obtain sensitive information. [severity:2/4; CVE-2014-1771]

An attacker can read local files, in order to obtain sensitive information. [severity:2/4; CVE-2014-1777]

An attacker can use three vulnerabilities, in order to escalate his privileges. [severity:2/4; CVE-2014-1764, CVE-2014-1778, CVE-2014-2777]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0282, CVE-2014-1762, CVE-2014-1766, CVE-2014-1769, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2782, ZDI-14-174, ZDI-14-175, ZDI-14-176, ZDI-14-177, ZDI-14-178, ZDI-14-179, ZDI-14-180, ZDI-14-181, ZDI-14-182, ZDI-14-183, ZDI-14-184, ZDI-14-185, ZDI-14-186, ZDI-14-212, ZDI-14-213, ZDI-14-226, ZDI-14-227, ZDI-14-237, ZDI-14-259, ZDI-14-260, ZDI-14-270, ZDI-14-354, ZDI-14-357, ZDI-14-366, ZDI-14-367]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-7202 CVE-2016-7278 CVE-2016-7279

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Impacted products: IE, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 14/12/2016.
Revision date: 16/12/2016.
Identifiers: 3204059, 972, CERTFR-2016-AVI-413, CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, MS16-144, VIGILANCE-VUL-21365.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can bypass security features via Windows Hyperlink Object Library, in order to obtain sensitive information. [severity:2/4; CVE-2016-7278]

An attacker can bypass security features via Microsoft Browser, in order to obtain sensitive information. [severity:2/4; CVE-2016-7282]

An attacker can bypass security features via Internet Explorer, in order to obtain sensitive information. [severity:2/4; CVE-2016-7284]

An attacker can generate a memory corruption via Microsoft Browser, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7279]

An attacker can generate a memory corruption via Internet Explorer, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7283]

An attacker can bypass security features via Microsoft Browser, in order to escalate his privileges. [severity:3/4; CVE-2016-7281]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7202]

An attacker can generate a memory corruption via Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; 972, CVE-2016-7287]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7270

Microsoft .NET: information disclosure via SQL Server Always Encrypted

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Impacted products: .NET Framework, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3205640, CERTFR-2016-AVI-417, CVE-2016-7270, MS16-155, VIGILANCE-VUL-21378.

Description of the vulnerability

An attacker can bypass access restrictions to data via SQL Server Always Encrypted of Microsoft .NET, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-7867 CVE-2016-7868 CVE-2016-7869

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Windows 10, Windows 2012, Windows 2016, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 14/12/2016.
Identifiers: 3209498, APSB16-39, CERTFR-2016-AVI-410, CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892, MS16-154, openSUSE-SU-2016:3160-1, RHSA-2016:2947-01, SUSE-SU-2016:3148-1, VIGILANCE-VUL-21376, ZDI-16-619, ZDI-16-620, ZDI-16-621, ZDI-16-622, ZDI-16-623, ZDI-16-624, ZDI-16-625, ZDI-16-626, ZDI-16-627.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7872, ZDI-16-626]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7877]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7878, ZDI-16-620]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7879, ZDI-16-619]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7880]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7881]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7892]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7867, ZDI-16-622]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7868, ZDI-16-625]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7869, ZDI-16-624]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7870, ZDI-16-623]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7871, ZDI-16-627]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7873]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7874]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7875, ZDI-16-621]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7876]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-7890]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-7295

Windows: information disclosure via CLFS

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via CLFS of Windows, in order to obtain sensitive information.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2016.
Identifiers: 3207328, CERTFR-2016-AVI-416, CVE-2016-7295, MS16-153, VIGILANCE-VUL-21375.

Description of the vulnerability

An attacker can bypass access restrictions to data via Common Log File System Driver of Windows, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7259 CVE-2016-7260

Windows: two vulnerabilities via Win32k

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Win32k of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2016.
Identifiers: 3205651, CERTFR-2016-AVI-416, CVE-2016-7259, CVE-2016-7260, MS16-151, VIGILANCE-VUL-21373.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Graphics Component, in order to escalate his privileges. [severity:2/4; CVE-2016-7259]

An attacker can bypass security features via Win32k, in order to escalate his privileges. [severity:2/4; CVE-2016-7260]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2016-7219 CVE-2016-7292

Windows: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/12/2016.
Identifiers: 3205655, CERTFR-2016-AVI-416, CVE-2016-7219, CVE-2016-7292, MS16-149, VIGILANCE-VUL-21371.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via Crypto Driver, in order to obtain sensitive information. [severity:2/4; CVE-2016-7219]

An attacker can bypass security features via Windows Installer, in order to escalate his privileges. [severity:3/4; CVE-2016-7292]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7274

Windows: memory corruption via Uniscribe

Synthesis of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.
Impacted products: IIS, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3204063, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, CERTFR-2016-AVI-416, CVE-2016-7274, MS16-147, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-21368.

Description of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-7257 CVE-2016-7272 CVE-2016-7273

Windows: three vulnerabilities via Graphics Component

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Graphics Component of Windows.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/12/2016.
Identifiers: 3204066, CERTFR-2016-AVI-416, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, MS16-146, VIGILANCE-VUL-21367, ZDI-16-645.

Description of the vulnerability

Several vulnerabilities were announced in Windows.

An attacker can bypass security features via GDI, in order to obtain sensitive information. [severity:2/4; CVE-2016-7257]

An attacker can generate a memory corruption via Windows Graphics, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7272, ZDI-16-645]

An attacker can generate a memory corruption via Windows Graphics, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-7273]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7247

Windows: privilege escalation via Secure Boot

Synthesis of the vulnerability

A local attacker can bypass Secure Boot of Windows, in order to escalate his privileges.
Impacted products: Windows 10, Windows 2012, Windows 2016, Windows 8, Windows RT.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: physical access.
Creation date: 09/11/2016.
Identifiers: 3193479, CERTFR-2016-AVI-374, CVE-2016-7247, MS16-140, VIGILANCE-VUL-21080.

Description of the vulnerability

The Windows product uses Secure Boot to check the code on system start.

However, an attacker with a physical access can bypass the policy and install a malicious code on boot.

A local attacker can therefore bypass Secure Boot of Windows, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.