Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10788
HistoryApr 12, 2016 - 12:00 a.m.

KLA10788 Multiple vulnerabilities in Microsoft Graphics Component

2016-04-1200:00:00
Kaspersky Lab
threats.kaspersky.com
287

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.795 High

EPSS

Percentile

98.2%

JSON

Detect date:

04/12/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Graphics Component as used in multiple Microsoft products. Malicious users can exploit these vulnerabilities to execute arbitrary code or gain privileges.

Affected products:

Microsoft Live Meeting 2007 Console
Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows 7 Service Pack 1
Microsoft Windows Server 2008 Service Pack 1
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows 10
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Word Viewer
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5/3.5.1
Microsoft Skype for Business 2016
Microsoft Skype for Business Basic 2016
Microsoft Lync 2013 Service Pack 1
Microsoft Lync 2013 Basic Service Pack 1
Microsoft Lync 2010
Microsoft Lync 2010 Attendee

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2016-0143
CVE-2016-0145
CVE-2016-0165
CVE-2016-0167

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2016-01437.8Critical
CVE-2016-01458.8Critical
CVE-2016-01657.8Critical
CVE-2016-01677.8Critical

Microsoft official advisories:

KB list:

3147461
3147458
3145739
3114960
3114985
3114566
3144429
3114944
3144432
3144427
3144428
3114542
3144431
3142045
3142042
3142043
3142041
3148522

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 1
mskb 19
openvas 6
prion 4
attackerkb 3
cvelist 4
kaspersky 5
cisa_kev 2
mscve 4
fireeye 2
threatpost 2
symantec 4
cve 4
myhack58 1
zdt 3
zdi 1
checkpoint_advisories 2
exploitdb 1
qualysblog 4
nessus
nessus
MS16-039: Security Update for Microsoft Graphics Component (3148522)
2016-04-12 00:00:00
mskb
mskb
MS16-039: Security update for Microsoft Graphics Component: April 12, 2016
2016-04-12 00:00:00
MS16-039: Description of the security update for Windows Graphics Component: April 12, 2016
2016-04-12 07:00:00
MS16-039: Description of the security update for Lync 2013 (Skype for Business): April 12, 2016
2016-04-12 07:00:00
openvas
openvas
Microsoft Graphics Component Multiple Vulnerabilities (3148522)
2016-04-13 00:00:00
Microsoft Office Word Viewer Remote Code Execution Vulnerability (3148522)
2016-04-13 00:00:00
Microsoft Office Remote Code Execution Vulnerability (3148522)
2016-04-13 00:00:00
prion
prion
Privilege escalation
2016-04-12 23:59:00
Privilege escalation
2016-04-12 23:59:00
Privilege escalation
2016-04-12 23:59:00
attackerkb
attackerkb
CVE-2016-0165
2016-04-12 00:00:00
CVE-2016-0167
2016-04-12 00:00:00
CVE-2016-0143
2016-04-12 00:00:00
cvelist
cvelist
CVE-2016-0143
2016-04-12 23:00:00
CVE-2016-0167
2016-04-12 23:00:00
CVE-2016-0165
2016-04-12 23:00:00
kaspersky
kaspersky
KLA11915 Multiple vulnerabilities in Microsoft Products (ESU)
2017-04-12 00:00:00
KLA11916 Multiple vulnerabilities in Microsoft Products (ESU)
2016-04-12 00:00:00
KLA10784 Multiple vulnerabilities in Microsoft Windows
2016-04-12 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2021-11-03 00:00:00
Microsoft Win32k Privilege Escalation Vulnerability
2023-06-22 00:00:00
mscve
mscve
Windows Graphics Component Elevation of Privilege Vulnerability
2016-04-12 07:00:00
Windows Graphics Component Elevation of Privilege Vulnerability
2016-04-12 07:00:00
GDI+ Remote Code Execution Vulnerability
2016-04-12 07:00:00
fireeye
fireeye
Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
2016-05-11 15:00:00
Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks
2016-05-11 15:00:00
threatpost
threatpost
FireEye Details Microsoft Zero Day Attack on 100 Companies
2016-05-11 13:43:12
FruityArmor APT Group Used Recently Patched Windows Zero Day
2016-10-20 07:00:01
symantec
symantec
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0143 Local Privilege Escalation Vulnerability
2016-04-12 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0167 Local Privilege Escalation Vulnerability
2016-04-12 00:00:00
Microsoft Windows Kernel 'Win32k.sys' CVE-2016-0165 Local Privilege Escalation Vulnerability
2016-04-12 00:00:00
cve
cve
CVE-2016-0143
2016-04-12 23:59:10
CVE-2016-0167
2016-04-12 23:59:30
CVE-2016-0165
2016-04-12 23:59:28
myhack58
myhack58
The attacker is using Windows 0 day vulnerability attacks in North America more than 100 companies-vulnerability warning-the black bar safety net
2017-03-27 00:00:00
zdt
zdt
Microsoft Windows - Kernel DrawMenuBarTemp Wild-Write (MS16-039)
2016-04-20 00:00:00
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039) Exploit
2018-04-17 00:00:00
Microsoft Windows - Kernel win32k.sys TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)
2016-04-28 00:00:00
zdi
zdi
Microsoft Windows win32kfull Integer Overflow Remote Code Execution Vulnerability
2017-09-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (MS16-039: CVE-2016-0165)
2016-04-12 00:00:00
Microsoft Windows Graphics Memory Corruption (MS16-039: CVE-2016-0145)
2016-04-12 00:00:00
exploitdb
exploitdb
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)
2018-03-01 00:00:00
qualysblog
qualysblog
Unpacking the CVEs in the FireEye Breach – Start Here First
2021-02-01 20:40:25
Qualys Security Advisory: SolarWinds / FireEye
2020-12-22 21:17:31
Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach
2020-12-10 00:48:29

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.795 High

EPSS

Percentile

98.2%

JSON
Related for KLA10788
nessus1mskb19openvas6prion4attackerkb3cvelist4kaspersky5cisa_kev2mscve4fireeye2threatpost2symantec4cve4myhack581zdt3zdi1checkpoint_advisories2exploitdb1qualysblog4