CVE-2016-0118
Published 2016-03-09
Priority P351 · high · 7.8 · CVSS 3.0
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 33.71% (98.2th percentile)
The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
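CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |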
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - March 2016
blogs_talos·2016-03-08·CVSS 6.5
[MEDIUM] Microsoft Patch Tuesday - March 2016
Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, Windows Media Player, and Windows PDF. The remaining eight bulletins are rated important and address vulnerabilities in .NET, Office, and several other Windows components.
### Bulletins Rated Critical
Microsoft bulletins MS16-023, MS16-024, MS16-026 through MS16-028, and MS16-036 are rated as critical in this month's release.
MS16-023 and MS16-024 are this month's Internet Explorer and Edge security bulletin respectively. In total, 24 v
Bugzilla
CVE-2016-2376 pidgin: MXIT read stage 0x3 Code Execution Vulnerability
bugzilla·2016-06-22·CVSS 8.1
CVE-2016-2376 [HIGH] CVE-2016-2376 pidgin: MXIT read stage 0x3 Code Execution Vulnerability
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
External references:
http://www.talosintel.com/reports/TALOS-2016-0118/
http://www.pidgin.im/news/security/?id=92
Upstream fix:
https://bitbucket.org/pidgin/main/commits/19f89eda8587

http://www.securityfocus.com/bid/84112
http://www.securitytracker.com/id/1035202
http://www.zerodayinitiative.com/advisories/ZDI-16-177
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-028
Published: 2016-03-09