Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10801
HistoryMay 10, 2016 - 12:00 a.m.

KLA10801 Multiple vulnerabilities in Microsoft Windows

2016-05-1000:00:00
Kaspersky Lab
threats.kaspersky.com
111

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Detect date:

05/10/2016

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, obtain sensitive information.

Affected products:

Windows Server 2012 R2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 8.1 for 32-bit systems
Windows RT 8.1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows Vista Service Pack 2
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 for 32-bit Systems
Windows Server 2008 for 32-bit Systems (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Vista x64 Edition Service Pack 2
Windows 10 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0185
CVE-2016-0189
CVE-2016-0181
CVE-2016-0197
CVE-2016-0196
CVE-2016-0195
CVE-2016-0152
CVE-2016-0168
CVE-2016-0176
CVE-2016-0174
CVE-2016-0175
CVE-2016-0180
CVE-2016-0173
CVE-2016-0170
CVE-2016-0171
CVE-2016-0190
CVE-2016-0184
CVE-2016-0169
CVE-2016-0182
CVE-2016-0178
CVE-2016-0179

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2016-01859.3Critical
CVE-2016-01897.6Critical
CVE-2016-01812.1Warning
CVE-2016-01977.2High
CVE-2016-01967.2High
CVE-2016-01959.3Critical
CVE-2016-01527.2High
CVE-2016-01684.3Warning
CVE-2016-01767.2High
CVE-2016-01747.2High
CVE-2016-01752.1Warning
CVE-2016-01807.2High
CVE-2016-01737.2High
CVE-2016-01709.3Critical
CVE-2016-01717.2High
CVE-2016-01902.1Warning
CVE-2016-01849.3Critical
CVE-2016-01694.3Warning
CVE-2016-01829.3Critical
CVE-2016-01789.0Critical
CVE-2016-01799.3Critical

Microsoft official advisories:

KB list:

3156421
3156059
3156016
3153704
3155784
3156387
3156013
3141083
3156019
3155178
3153171
3156017
3153199
3158991
3150220

Exploitation:

Public exploits exist for this vulnerability.

References

Related

kaspersky 2
mskb 25
openvas 11
nessus 11
prion 22
cve 22
checkpoint_advisories 12
mscve 22
symantec 21
threatpost 9
cisa_kev 2
packetstorm 1
myhack58 2
zdt 6
metasploit 1
exploitpack 2
seebug 2
fireeye 7
zdi 6
attackerkb 3
exploitdb 3
malwarebytes 6
thn 1
kaspersky
kaspersky
KLA11914 Multiple vulnerability in Microsoft Products (ESU)
2016-05-10 00:00:00
KLA10805 Multiple vulnerabilities in the JScript and VBScript
2016-05-10 00:00:00
mskb
mskb
MS16-062: Security update for kernel mode drivers: May 10, 2016
2016-05-10 00:00:00
Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016
2016-05-10 07:00:00
Cumulative Update for Windows 10: May 10, 2016
2016-05-10 07:00:00
openvas
openvas
Microsoft Kernel-Mode Drivers Privilege Elevation Vulnerabilities (3158222)
2016-05-11 00:00:00
Microsoft Graphics Component Multiple Vulnerabilities (3156754)
2016-05-11 00:00:00
Microsoft Windows IIS Remote Code Execution Vulnerability (3141083)
2016-05-11 00:00:00
nessus
nessus
MS16-062: Security Update for Windows Kernel-Mode Drivers (3158222)
2016-05-10 00:00:00
MS16-055: Security Update for Microsoft Graphics Component (3156754)
2016-05-10 00:00:00
MS16-060: Security Update for Windows Kernel (3154846)
2016-05-10 00:00:00
prion
prion
Privilege escalation
2016-05-11 01:59:00
Privilege escalation
2016-05-11 01:59:00
Privilege escalation
2016-05-11 01:59:00
cve
cve
CVE-2016-0171
2016-05-11 01:59:00
CVE-2016-0173
2016-05-11 01:59:00
CVE-2016-0196
2016-05-11 01:59:00
checkpoint_advisories
checkpoint_advisories
Microsoft Graphics Component Remote Code Execution (MS16-055: CVE-2016-0184)
2016-05-10 00:00:00
Microsoft Windows Graphics Component Information Disclosure (MS16-055: CVE-2016-0168)
2016-05-10 00:00:00
Microsoft Graphics Component Remote Code Execution (MS16-055: CVE-2016-0170)
2016-05-10 00:00:00
mscve
mscve
Direct3D Use After Free RCE Vulnerability
2016-05-10 07:00:00
Windows DLL Loading Remote Code Execution Vulnerability
2016-05-10 07:00:00
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
2016-05-10 07:00:00
symantec
symantec
Microsoft Windows Kernel CVE-2016-0180 Local Privilege Escalation Vulnerability
2016-05-10 00:00:00
Microsoft Windows CVE-2016-0152 DLL Loading Remote Code Execution Vulnerability
2016-05-10 00:00:00
Microsoft Windows Graphics Component CVE-2016-0170 Remote Code Execution Vulnerability
2016-05-10 00:00:00
threatpost
threatpost
New Magniber Ransomware Targets South Korea, Asia Pacific
2017-10-21 10:00:04
Neutrino EK Spotted Leveraging Patched IE Zero Day
2016-07-15 16:16:39
Malvertising Campaign Redirects Browsers To Terror Exploit Kit
2017-10-25 08:28:31
cisa_kev
cisa_kev
Microsoft Internet Explorer Memory Corruption Vulnerability
2022-03-28 00:00:00
Microsoft Windows Media Center Remote Code Execution Vulnerability
2021-11-03 00:00:00
packetstorm
packetstorm
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-06 00:00:00
myhack58
myhack58
Nebula exploit package CVE-2016-0189 exploit analysis-exploit warning-the black bar safety net
2017-04-17 00:00:00
Security researchers found that attack kits favorite Flash Player security vulnerabilities-vulnerability warning-the black bar safety net
2016-12-09 00:00:00
zdt
zdt
Microsoft Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAP
2016-05-17 00:00:00
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
2016-06-15 00:00:00
Microsoft Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055
2016-05-17 00:00:00
metasploit
metasploit
Internet Explorer 11 VBScript Engine Memory Corruption
2016-08-01 18:26:35
exploitpack
exploitpack
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
2016-06-22 00:00:00
Microsoft Windows Media Center - .MCL File Processing Remote Code Execution (MS16-059)
2016-05-12 00:00:00
seebug
seebug
Internet Explorer 11 VBScript engine memory corruption vulnerability
2016-08-08 00:00:00
The Microsoft DirectX graphics kernel subsystem elevation of privilege vulnerability MS16-062)
2016-11-19 00:00:00
fireeye
fireeye
Magniber Ransomware Wants to Infect Only the Right People
2017-10-19 16:06:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 12:00:00
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
2018-06-28 16:00:00
zdi
zdi
(Pwn2Own) Microsoft Windows dxgkrnl Kernel Driver Buffer Overflow Privilege Escalation Vulnerability
2016-05-10 00:00:00
(Pwn2Own) Microsoft Windows win32kfull.sys Surface Object Use-After-Free Privilege Escalation Vulnerability
2016-05-10 00:00:00
(Pwn2Own) Microsoft Windows PFFOBJ::bDeleteLoadRef Font Use-After-Free Privilege Escalation Vulnerability
2016-05-10 00:00:00
attackerkb
attackerkb
CVE-2016-0185
2016-05-11 00:00:00
CVE-2016-0189
2016-05-11 00:00:00
CVE-2016-0187
2016-05-11 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
2016-06-22 00:00:00
Microsoft Windows Media Center - '.MCL' File Processing Remote Code Execution (MS16-059)
2016-05-12 00:00:00
Abusing Token Privileges For LPE
2017-08-28 00:00:00
malwarebytes
malwarebytes
Magnitude exploit kit switches to GandCrab ransomware
2018-04-17 16:58:26
Exploit kits: Winter 2018 review
2018-03-29 15:00:00
Internet Explorer zero-day: browser is once again under attack
2018-05-10 19:58:00
thn
thn
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network
2022-11-09 11:01:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for KLA10801
kaspersky2mskb25openvas11nessus11prion22cve22checkpoint_advisories12mscve22symantec21threatpost9cisa_kev2packetstorm1myhack582zdt6metasploit1exploitpack2seebug2fireeye7zdi6attackerkb3exploitdb3malwarebytes6thn1