CVE-2016-0058
published 2016-02-10CVE-2016-0058: Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code…
PriorityP349high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
22.62%
97.4th percentile
Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Internet Explorer and Edge security bulletin resp
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
## Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Inter
arXiv
Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference
arxiv_fulltext·2024-12-15
Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference
Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference
Linyi Han, Shidong Pan, Zhenchang Xing, Jiamou Sun, Sofonias Yitagesu, Xiaowang Zhang, Zhiyong Feng
Manuscript received XXX XXX, 20XX. (Corresponding author: Xiaowang Zhang)
Linyi Han, Sofonias Yitagesu, Xiaowang Zhang, and Zhiyong Feng are with the College of Intelligence and Computing, Tianjin University, Tianjin, China. e-mail: \hanly2, xiaowangzhang, zyfeng\@tju.edu.cn and [email protected].
Shidong Pan, Zhenchang Xing, and Jiamou Sun are with the CSIRO's Data61, Canberra, Australia. e-mail: \Shidong.Pan, Zhenchang.Xing, Frank.Sun\@data61.csiro.au
Linyi Han is also the Center of National Railway Intelligent Transportation System Engineeri
Bugzilla
CVE-2016-1521 graphite2: Out-of-bound read vulnerability triggered by crafted fonts
bugzilla·2016-02-09·CVSS 8.8
CVE-2016-1521 [HIGH] CVE-2016-1521 graphite2: Out-of-bound read vulnerability triggered by crafted fonts
CVE-2016-1521 graphite2: Out-of-bound read vulnerability triggered by crafted fonts
An exploitable out-of-bound read vulnerability was found in the opcode handling functionality of Libgraphite. A specially crafted font can cause an out-of-bounds read resulting in arbitrary code execution. An attacker can provide a malicious font to trigger this vulnerability.
External References:
http://www.talosintel.com/reports/TALOS-2016-0058/
Discussion:
Created graphite2 tracking bugs for this issue:
Affects: fedora-all [bug 1305806]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:0197 https://rhn.redhat.com/errata/RHSA-2016-0197.html
---
This issue has been addressed in the followin
2016-02-10
Published