- Home
- CVEs with nessus.description==The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities :
- Multiple elevation of privilege vulnerabilities exist in Windows kernel-mode drivers due to improper handling of objects in memory. An authenticated, remote attacker can exploit these, via a specially crafted application, to run arbitrary code in kernel mode. (CVE-2016-3348, CVE-2016-3349)
- An information disclosure vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this, via a specially crafted application, to circumvent the Address Space Layout Randomization (ASLR) feature and disclose sensitive memory information. (CVE-2016-3354)
- An elevation of privilege vulnerability exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An authenticated, remote attacker can exploit this to run arbitrary code in kernel mode.
(CVE-2016-3355)
- An unspecified flaw exists in the Graphics Device Interface (GDI) due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted website or open a malicious document, to execute arbitrary code in the context of the current user.
(CVE-2016-3356
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top