Msrc Windows Vista Service Pack 2 vulnerabilities

CVE-2016-3254 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2016-3286 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability,

CVE-2016-3249 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted applicatio

CVE-2016-3251 [LOW] Windows GDI Information Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted a

CVE-2016-3225 [HIGH] Windows SMB Server Elevation of Privilege Vulnerability Windows SMB Server Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker forwards an authentication request intended for another service running on the same machine. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions. To exploit the vulnerability, an attac

CVE-2016-3223 [HIGH] Group Policy Elevation of Privilege Vulnerability Group Policy Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack agai

CVE-2016-3299 [MEDIUM] NetBIOS Elevation of Privilege Vulnerability NetBIOS Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Windows when NetBIOS improperly handles responses. An attacker who successfully exploited the vulnerability could use it to hijack network traffic or render untrusted content in a browser outside of Enhanced Protected Mode (EPM) or an application container. To exploit the vulnerability, an attacker whose system

CVE-2016-3221 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3236 [CRITICAL] Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Windows improperly handles certain proxy discovery scenarios using the Web Proxy Auto Discovery (WPAD) protocol method. An attacker who successfully exploited the vulnerability could potentially access and control network traffic for which the attacker does not have

CVE-2016-3220 [HIGH] OpenType Font Driver Elevation of Privilege Vulnerability OpenType Font Driver Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data

CVE-2016-3216 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows Graphics Component (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an inform

CVE-2016-3218 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnera

CVE-2016-3213 [HIGH] WPAD Elevation of Privilege Vulnerability WPAD Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker could respond to NetBIOS name requests

CVE-2016-0182 [HIGH] Windows Journal Memory Corruption Vulnerability Windows Journal Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected

CVE-2016-0195 [HIGH] Windows Imaging Component Memory Corruption Vulnerability Windows Imaging Component Memory Corruption Vulnerability Description: A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

CVE-2016-0170 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. User

CVE-2016-0184 [HIGH] Direct3D Use After Free RCE Vulnerability Direct3D Use After Free RCE Vulnerability Description: A remote code execution vulnerability exists when the Windows GDI component fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have

CVE-2016-0152 [HIGH] Windows DLL Loading Remote Code Execution Vulnerability Windows DLL Loading Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Use

CVE-2016-0168 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convinc

CVE-2016-0185 [HIGH] Windows Media Center Remote Code Execution Vulnerability Windows Media Center Remote Code Execution Vulnerability Description: A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could take control of an affected system. Customers whose accounts are configured to have fewer