CVE-2016-7205
published 2016-11-10CVE-2016-7205: Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511…
PriorityP359high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
21.55%
97.3th percentile
Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability."
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_7_for_32-bit_systems_service_pack_1 | — | — |
| msrc | windows_7_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008_r2_for_itanium-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
vendor_msrc7.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4282-645v-4hqh: Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2016-7205 [HIGH] CWE-119 GHSA-4282-645v-4hqh: Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8
Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability."
OSV
nagios3 vulnerabilities
osv·2017-04-03·CVSS 5.5
CVE-2013-7108 nagios3 vulnerabilities
nagios3 vulnerabilities
It was discovered that Nagios incorrectly handled certain long strings. A
remote authenticated attacker could use this issue to cause Nagios to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2013-7108, CVE-2013-7205)
It was discovered that Nagios incorrectly handled certain long messages to
cmd.cgi. A remote attacker could possibly use this issue to cause Nagios to
crash, resulting in a denial of service. (CVE-2014-1878)
Dawid Golunski discovered that Nagios incorrectly handled symlinks when
accessing log files. A local attacker could possibly use this issue to
elevate privileges. In the default installation of Ubuntu, this should be
prevented by the Yama link restrictions. (CVE-2016-9566)
Microsoft
Windows Animation Manager Memory Corruption Vulnerability
vendor_msrc·2016-11-08·CVSS 7.1
CVE-2016-7205 [HIGH] Windows Animation Manager Memory Corruption Vulnerability
Windows Animation Manager Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could exploit the vulnerability by convincing a user to visit a malicious webpage.
The security update addresses the vulnerability by correcting how the Windows Animation Manager handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Li
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - November 2016
blogs_talos·2016-11-08
Microsoft Patch Tuesday - November 2016
## Microsoft Patch Tuesday - November 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. For a detailed explanaiton of each of the categories listed below, please go to https://technet.microsoft.com/en-us/security/gg309177.aspx .
This month's release is packed full of goodies, but you don't want to wait to review them over Thanksgiving dinner as there are 14 unique bulletins addressing multiple vulnerabilities.
Critical bulletins address vulnerabilities in (alphabetically):
Adobe Flash Player
Edge
Graphics Component
Internet Explorer
Video Control
Windows The remaining bulletins are rated Important or Moderate and address vulnerabilities in the following products (listed alphabetically):
B
Talos
Microsoft Patch Tuesday - November 2016
blogs_talos·2016-11-08
Microsoft Patch Tuesday - November 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. For a detailed explanaiton of each of the categories listed below, please go to https://technet.microsoft.com/en-us/security/gg309177.aspx.
This month's release is packed full of goodies, but you don't want to wait to review them over Thanksgiving dinner as there are 14 unique bulletins addressing multiple vulnerabilities.
Critical bulletins address vulnerabilities in (alphabetically):
- Adobe Flash Player
- Edge
- Graphics Component
- Internet Explorer
- Video Control
- Windows
The remaining bulletins are rated Important or Moderate and address vulnerabilities in the following products (listed alphabetically):
- Boot Manager*
- Common Log File System
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://www.securityfocus.com/bid/94033http://www.securitytracker.com/id/1037243https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132http://www.securityfocus.com/bid/94033http://www.securitytracker.com/id/1037243https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132
2016-11-10
Published