CVE-2016-0142
published 2016-10-14CVE-2016-0142: Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to…
PriorityP350high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
20.41%
97.2th percentile
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Microsoft Video Control Remote Code Execution Vulnerability
vendor_msrc·2016-10-11·CVSS 7.8
CVE-2016-0142 [HIGH] Microsoft Video Control Remote Code Execution Vulnerability
Microsoft Video Control Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would have to convince a user to open either a speciall
GHSA
GHSA-9xfh-6pvf-83c3: Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2016-0142 [HIGH] CWE-119 GHSA-9xfh-6pvf-83c3: Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - October 2016
blogs_talos·2016-10-11·CVSS 5.5
[MEDIUM] Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
## Bulletins Rated Critical The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127
MS16-118 and MS16-119 are this month's bulletins for Internet Explorer and Edg
Talos
Microsoft Patch Tuesday - October 2016
blogs_talos·2016-10-11·CVSS 5.5
[MEDIUM] Microsoft Patch Tuesday - October 2016
## Microsoft Patch Tuesday - October 2016
Patch Tuesday has once again arrived! Microsoft's monthly release of security bulletins to address vulnerabilities provides fixes for 37 newly disclosed security flaws. Today's release sees a total of 10 bulletins with five of the bulletins rated critical and address vulnerabilities in Edge, Graphics Component, Internet Explorer, Video Control, and Adobe Flash Player. Four bulletins are rated important and address flaws in Office, Windows Diagnostic Hub, Windows Kernel-Mode Drivers, and Windows Registry. One bulletin is rated moderate and addresses a flaw in Microsoft Internet Messaging API.
## Bulletins Rated Critical The following bulletins are rated critical: MS16-118, MS16-119, MS16-120, MS16-122, MS16-127
MS16-118 and MS16-119 are this mont
Bugzilla
CVE-2016-2374 pidgin: MXIT MultiMX Message Code Execution Vulnerability
bugzilla·2016-06-22·CVSS 8.1
CVE-2016-2374 [HIGH] CVE-2016-2374 pidgin: MXIT MultiMX Message Code Execution Vulnerability
CVE-2016-2374 pidgin: MXIT MultiMX Message Code Execution Vulnerability
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
External references:
http://www.talosintel.com/reports/TALOS-2016-0142/
http://www.pidgin.im/news/security/?id=107
Upstream fixes:
https://bitbucket.org/pidgin/main/commits/f6c08d962618
http://www.securityfocus.com/bid/93378http://www.securitytracker.com/id/1036983https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-122http://www.securityfocus.com/bid/93378http://www.securitytracker.com/id/1036983https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-122
2016-10-14
Published