Lucene search

[email protected]CVE-2016-0008

HistoryJan 13, 2016 - 5:59 a.m.

CVE-2016-0008

2016-01-1305:59:00

CWE-200

[email protected]

web.nvd.nist.gov

microsoft

windows

gdi32.dll

aslr

bypass vulnerability

operating systems

remote attackers.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.071 Low

EPSS

Percentile

94.0%

JSON

The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka “Windows GDI32.dll ASLR Bypass Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_rtmicrosoft windows rteq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_vistamicrosoft windows vistaeq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_server_2012microsoft windows server 2012eq-

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_rt	microsoft windows rt	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_vista	microsoft windows vista	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-

References

www.securitytracker.com/id/1034654

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-005

www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1216

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.071 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2016-0008

checkpoint_advisories1 cvelist1 symantec1 prion1 mskb1 nessus1 openvas1