Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-09 CVE-2016-0095 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.
local
low complexity
microsoft CWE-264
7.8
2016-03-09 CVE-2016-0094 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.
local
low complexity
microsoft CWE-264
7.8
2016-03-09 CVE-2016-0093 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.
local
low complexity
microsoft CWE-264
7.8
2016-03-09 CVE-2016-0092 Improper Input Validation vulnerability in Microsoft products
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.
local
low complexity
microsoft CWE-20
7.8
2016-03-09 CVE-2016-0091 Improper Input Validation vulnerability in Microsoft products
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.
local
low complexity
microsoft CWE-20
7.8
2016-03-09 CVE-2016-0087 Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-03-09 CVE-2016-0057 Permissions, Privileges, and Access Controls vulnerability in Microsoft Office
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-03-09 CVE-2016-0021 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Infopath 2007/2010/2013
Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2016-03-06 CVE-2016-2844 Improper Input Validation vulnerability in Google Chrome
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-20
8.8
2016-03-06 CVE-2016-1641 Unspecified vulnerability in Google Chrome
Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download.
network
low complexity
google
8.8