Windows : Microsoft Bulletins : Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.809832

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)

Zusammenfassung: This host is missing a critical security; update according to Microsoft Bulletin MS16-147.

Beschreibung: Summary:
This host is missing a critical security
update according to Microsoft Bulletin MS16-147.

Vulnerability Insight:
The flaw exists due to the way Windows
Uniscribe handles objects in the memory.

Vulnerability Impact:
Successful exploitation will allow an attacker
to take control of the affected system. An attacker could then:

- install programs

- view, change, or delete data

- or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.

Affected Software/OS:
- Microsoft Windows 8.1 x32/x64

- Microsoft Windows 10 x32/x64

- Microsoft Windows Server 2012/2012R2

- Microsoft Windows 10 Version 1511 x32/x64

- Microsoft Windows 10 Version 1607 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2

- Microsoft Windows Server 2008 x32/x64 Service Pack 2

- Microsoft Windows 7 x32/x64 Service Pack 1

- Microsoft Windows Server 2008 R2 x64 Service Pack 1

- Microsoft Windows Server 2016

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-7274
BugTraq ID: 94758
http://www.securityfocus.com/bid/94758
https://www.exploit-db.com/exploits/41615/
Microsoft Security Bulletin: MS16-147
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147
http://www.securitytracker.com/id/1037440

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.809832
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)
Zusammenfassung:	This host is missing a critical security; update according to Microsoft Bulletin MS16-147.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS16-147. Vulnerability Insight: The flaw exists due to the way Windows Uniscribe handles objects in the memory. Vulnerability Impact: Successful exploitation will allow an attacker to take control of the affected system. An attacker could then: - install programs - view, change, or delete data - or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Affected Software/OS: - Microsoft Windows 8.1 x32/x64 - Microsoft Windows 10 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 - Microsoft Windows Server 2008 x32/x64 Service Pack 2 - Microsoft Windows 7 x32/x64 Service Pack 1 - Microsoft Windows Server 2008 R2 x64 Service Pack 1 - Microsoft Windows Server 2016 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7274 BugTraq ID: 94758 http://www.securityfocus.com/bid/94758 https://www.exploit-db.com/exploits/41615/ Microsoft Security Bulletin: MS16-147 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147 http://www.securitytracker.com/id/1037440
Copyright	Copyright (C) 2016 Greenbone AG