Microsoft Edge CVE-2016-0191 Scripting Engine Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can take advantage of this vulnerability to execute arbitrary code in the context of the currently...

Microsoft Office CVE-2016-0198 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

Microsoft Internet Explorer CVE-2016-0194 Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 10, and 11 are vulnerable. Technologies Affected Microsoft Internet Explorer 10...

Microsoft Windows Media Center CVE-2016-0185 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsof...

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0171 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...

Microsoft Windows Graphics Component CVE-2016-0170 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 for 32-bit...

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0174 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...

Microsoft Windows Graphics Component CVE-2016-0169 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...

Microsoft Internet Explorer and Edge CVE-2016-0192 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currentl...

Microsoft Windows Journal CVE-2016-0182 Memory Corruption Vulnerability

Description Microsoft Windows is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...

Microsoft Windows Graphics Component CVE-2016-0168 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems...

Microsoft Windows CVE-2016-0152 DLL Loading Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft...

SA123 : OpenSSL Vulnerabilities 3-May-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to intercept and decrypt TLS sessions, obtain arbitrary data from the target's memory stack, or execute arbitrary code through buffer...

Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege

SUMMARY Symantec Endpoint Encryption SEE has an unquoted search path in EEDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path. AFFECTED PRODUCTS Symantec Endpoint Encryption --- CVE | Affected Versions | Remediation...

SA120 : Truncated Diffie-Hellman Secret Generation in libssh2

SUMMARY Blue Coat products that include affected versions of libssh2 are susceptible to a truncated Diffie-Hellman secret length vulnerability. A remote man-in-the-middle MITM attacker can exploit this vulnerability to intercept SSH connections that originate from Blue Coat products. The MITM...

SA121 : OpenSSH Shell Command Restriction Bypass

SUMMARY Blue Coat products that include vulnerable versions of OpenSSH and enable X11 forwarding are susceptible to a command injection vulnerability due to insufficient input data sanitization. An authenticated remote attacker can exploit this vulnerability to bypass intended command restriction...

Symantec Messaging Gateway Multiple Security Issues

SUMMARY Symantec Messaging Gateway SMG Appliance management console was susceptible to potential recovery of the AD password by any user with at least authorized read access to the appliance. Also, an admin or support user could potentially escalate a lower-privileged access to root on the...

SA122 : SMB Vulnerabilities in Windows and Samba (Badlock)

SUMMARY Blue Coat products that include affected versions of Microsoft Windows and Samba are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to hijack connections to view and modify traffic, obtain unauthorized access to user passwords and other...

Microsoft Edge CVE-2016-0157 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...

Microsoft Internet Explorer and Edge CVE-2016-0154 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently...

Microsoft Windows 'HTTP.sys' CVE-2016-0150 Denial of Service Vulnerability

Description Microsoft Windows is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based Systems Microsoft Windows 10 version 1511...

Microsoft Windows OLE CVE-2016-0153 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0165 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0167 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsof...

Microsoft Internet Explorer CVE-2016-0166 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Internet Explorer Library Loading CVE-2016-0160 Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability

...

Microsoft Windows Hyper-V CVE-2016-0090 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for x64-based Syste...

Microsoft Windows RPC Downgrade CVE-2016-0128 Man in the Middle Security Bypass Vulnerability

Description Microsoft Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to gain elevated privileges and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Technologies Affected Microsoft...

Microsoft Edge CVE-2016-0158 Remote Privilege Escalation Vulnerability

Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary,...

Microsoft Edge CVE-2016-0156 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...

Microsoft Internet Explorer CVE-2016-0159 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...

Microsoft Windows Graphics Component CVE-2016-0145 Memory Corruption Vulnerability

Description Microsoft Windows is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft .NET Framework 3.0 SP2...

Microsoft Windows Hyper-V CVE-2016-0089 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 for x64-based Systems Microsoft Windows 8.1 for x64-based Syste...

Microsoft Windows Secondary Logon CVE-2016-0135 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with admin privileges in the context of the affected system. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 fo...

Microsoft Office CVE-2016-0136 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

Microsoft Office CVE-2016-0139 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

Microsoft Windows Client-Server Run-time Subsystem CVE-2016-0151 Local Security Bypass Vulnerability

Description Microsoft Windows is prone to a local security-bypass vulnerability. A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Windows 10 for 32-bit Systems Microsoft Windows 10 for x64-based...

Microsoft Office CVE-2016-0127 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

Microsoft Windows Hyper-V CVE-2016-0088 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Microsoft Window...

Microsoft XML Core Services CVE-2016-0147 Remote Code Execution Vulnerability

Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10...

Microsoft Edge CVE-2016-0161 Remote Privilege Escalation Vulnerability

Description Microsoft Edge is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Edge Recommendations Block external access at the network boundary,...

Microsoft Internet Explorer CVE-2016-0162 Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Internet Explorer 9, 10, and 11 are vulnerable. Technologies Affected Microsoft Internet Explorer ...

Microsoft Office CVE-2016-0122 Memory Corruption Vulnerability

Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in deni...

Microsoft Edge CVE-2016-0155 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Faile...

Microsoft Internet Explorer CVE-2016-0164 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-i...

Microsoft Windows Library Loading CVE-2016-0148 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft .NET...

Symantec ITMS Inventory Solution Application Denial Functionality Bypass

SUMMARY The Inventory Solution component of Symantecs IT Management Agent, the client portion of Symantec IT Management Suite ITMS powered by Altiris, can be configured to deny one or more applications from running on a windows managed client as part of IT management functions. A determined user...

SA119 : Multiple NSS Vulnerabilities

SUMMARY Blue Coat products that include affected versions of NSS are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to trigger arbitrary code execution. The attacker can also cause denial of service through application crashes and memory corruption...

Symantec Endpoint Protection Multiple Security Issues

SUMMARY Symantec Endpoint Protection SEP was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code...