CVE-2016-0153
published 2016-04-12CVE-2016-0153: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows…
PriorityP352high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EPSS
21.38%
97.3th percentile
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_itanium-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fr2f-3256-fp62: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2016-0153 [HIGH] CWE-284 GHSA-fr2f-3256-fp62: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."
Microsoft
Windows OLE Remote Code Execution Vulnerability
vendor_msrc·2016-04-12·CVSS 7.8
CVE-2016-0153 [HIGH] Windows OLE Remote Code Execution Vulnerability
Windows OLE Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.
To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message.
The update addresses the vulnerability by correcting how Windows OLE validates user input.
Windows OLE: Windows OLE
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:N/A;Older Software Release:Exploitation More Likely
Reference: https://www.microsoft.com/downloads/details.aspx?familyid=7de1ca80-5bbc-4509-a0dc-e126835e03a5
Refe
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - April 2016
blogs_talos·2016-04-12·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - April 2016
## Microsoft Patch Tuesday - April 2016
Bulletins MS16-037 through MS16-040 and bulletins MS16-042, MS16-050 are rated as critical in this month's release.
MS16-037 is related to six vulnerabilities in Internet Explorer. The most severe vulnerabilities allow an attacker to craft a website that executes arbitrary code on the victim's device due to the memory corruption vulnerabilities in the browser. The attacker would be limited to executing code with same administrative rights as the current user, but with many users having full administrator rights, an attacker could use this to take full control of a device. To exploit the vulnerability the attacker must get the victim to view attacker controlled content. Previously, this has not proved a major limitation for attackers. Attackers have
Talos
Microsoft Patch Tuesday - April 2016
blogs_talos·2016-04-12·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - April 2016
Bulletins MS16-037 through MS16-040 and bulletins MS16-042, MS16-050 are rated as critical in this month's release.
MS16-037 is related to six vulnerabilities in Internet Explorer. The most severe vulnerabilities allow an attacker to craft a website that executes arbitrary code on the victim's device due to the memory corruption vulnerabilities in the browser. The attacker would be limited to executing code with same administrative rights as the current user, but with many users having full administrator rights, an attacker could use this to take full control of a device. To exploit the vulnerability the attacker must get the victim to view attacker controlled content. Previously, this has not proved a major limitation for attackers. Attackers have proved adept at sending spam messages, c
Bugzilla
CVE-2016-4301 libarchive: Stack buffer overflow in the mtree parse_device
bugzilla·2016-06-21·CVSS 7.8
CVE-2016-4301 [HIGH] CVE-2016-4301 libarchive: Stack buffer overflow in the mtree parse_device
CVE-2016-4301 libarchive: Stack buffer overflow in the mtree parse_device
An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability.
External references:
http://www.talosintel.com/reports/TALOS-2016-0153/
Upstream fix:
https://github.com/libarchive/libarchive/commit/a550daeecf6bc689ade371349892ea17b5b97c77
Discussion:
Contrary to the Talos advisory, the affected code was only introduced after
the release of v3.1.2. Thus no Red Hat packages are affected.
2016-04-12
Published