SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to recover private DSA keys or execute arbitrary code through integer overflow and buffer overwrites. The attacker can also cause denial o...
Symantec Web Gateway Management Console Interface Command Injection
SUMMARY Symantec has released an update to address a Symantec Web Gateway SWG Management Console Interface command injection issue bypassing validation restrictions to add an unauthorized whitelist entry. AFFECTED PRODUCTS Symantec Web Gateway SWG --- CVE | Affected Versions | Remediation...
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...
Microsoft Azure Active Directory Passport CVE-2016-7191 Authentication Bypass Vulnerability
Description Microsoft Azure Active Directory Passport is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the application. Versions prior to Azure Active Directory Passport 1.4.6 and 2.0.1 a...
Symantec Messaging Gateway Security Update
SUMMARY Symantec has addressed a directory traversal issue in Symantec Messaging Gateway caused by insufficient sanitization of user-supplied input. This issue could allow unauthorized access to files or directories. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions |...
Symantec Decomposer Engine Security Update
SUMMARY Symantec has released an update to address two issues in the RAR file parser component of the antivirus decomposer engine used by multiple Symantec products. Parsing of maliciously formatted RAR container files may cause an application-level denial of service condition. AFFECTED PRODUCTS...
SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961
SUMMARY Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject...
Microsoft Windows CVE-2016-3352 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to potentially sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Internet Explorer and Edge CVE-2016-3325 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...
Microsoft Windows PDF Library CVE-2016-3374 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to obtain sensitive information. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows CVE-2016-3369 Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511...
Microsoft Internet Explorer and Edge CVE-2016-3291 Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits will allow attackers to obtain sensitive information that may aid in...
Microsoft Office CVE-2016-3366 Spoofing Vulnerability
Description Microsoft Office is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Outlook 2007 Microsoft Outlook 2010 32-bit...
Microsoft Windows Kernel CVE-2016-3372 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microso...
Microsoft Office CVE-2016-0141 Information Disclosure Vulnerability
Description Microsoft Application Virtualization is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2007 SP3 Microsoft Office 2010 Service Pack 2 32-bit...
Microsoft Internet Explorer CVE-2016-3353 Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. This could allow the attacker to bypass certain security restrictions. This may lead to othe...
Microsoft Office CVE-2016-3362 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Windows Kernel CVE-2016-3344 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. An attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...
Microsoft Windows Kernel CVE-2016-3306 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Exchange Server CVE-2016-3379 Cross Site Scripting Vulnerability
Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...
Microsoft VBScript CVE-2016-3375 Remote Memory Corruption Vulnerability
Description Microsoft VBScript is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can take advantage of this vulnerability to execute arbitrary code in the context of the currently...
Microsoft Windows CVE-2016-3302 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Silverlight CVE-2016-3367 Remote Memory Corruption Vulnerability
Description Microsoft Silverlight is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This could allow attackers to execute arbitrary code in the context of the currently logged-in user. Fail...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3349 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...
Adobe Flash Player APSB16-29 Multiple Unspecified Memory Corruption Vulnerabilities
Description Adobe Flash Player is prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition...
Microsoft Office CVE-2016-3364 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Office CVE-2016-3358 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Office CVE-2016-3357 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft ASP.NET Core MVC Multiple Privilege Escalation Vulnerabilities
Description Microsoft ASP.NET Core MVC is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to gain elevated privileges. Microsoft ASP.NET Core MVC 1.0.0 is vulnerable. Technologies Affected Microsoft ASP.NET Core MVC 1.0.0 Recommendations Block external...
Microsoft Exchange Server CVE-2016-0138 Information Disclosure Vulnerability
Description Microsoft Exchange Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Exchange Server 2007 SP3 Microsoft Exchange Server 2010 SP3...
Microsoft Windows Graphics Component CVE-2016-3354 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Microsoft Edge CVE-2016-3377 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
Microsoft Edge CVE-2016-3330 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...
Microsoft Edge CVE-2016-3350 Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This allows the attacker to execute arbitrary code in the context of the currently logged-in user. Failed attack...
Microsoft Internet Explorer and Edge CVE-2016-3297 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Edge and Internet Explorer 9, ...
Microsoft Internet Explorer CVE-2016-3292 Remote Privilege Escalation Vulnerability
Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Internet Explorer 10 and 11 are vulnerable. Technologies Affected Microsoft Internet...
Microsoft Windows PDF Library CVE-2016-3370 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to obtain sensitive information. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-3348 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Edge CVE-2016-3294 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. This allows the attacker to execute arbitrary code in the context of the currently logged-in user. Failed attack...
Microsoft Office CVE-2016-3365 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Exchange Server CVE-2016-3378 Open Redirection Vulnerability
Description Microsoft .NET Framework is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may ...
Microsoft Application Virtualization CVE-2016-0137 Information Disclosure Vulnerability
Description Microsoft Application Virtualization is prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Office 2013 Service Pack 1 32-bit editions Microsoft Office 20...
Microsoft Windows Graphics Component CVE-2016-3356 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 f...
Microsoft Windows Kernel CVE-2016-3371 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft...
Microsoft Windows SMB Server CVE-2016-3345 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...
Microsoft Office CVE-2016-3361 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Windows CVE-2016-3346 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Internet Explorer and Edge CVE-2016-3247 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Internet Explorer 11 and Edge...
Microsoft Office CVE-2016-3360 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...
Microsoft Internet Explorer and Edge CVE-2016-3295 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Edge and Internet Explorer 10...