SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows OLE Processing Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1035208
SecurityTracker URL:  http://securitytracker.com/id/1035208
CVE Reference:   CVE-2016-0091, CVE-2016-0092   (Links to External Site)
Date:  Mar 8 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8.1, 2012, 2012 R2, RT 8.1, 10; and prior service packs
Description:   Two vulnerabilities were reported in Windows OLE. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted file or program that, when loaded by the target user, will trigger an input validation flaw in Windows OLE processing and execute arbitrary code on the target system.

Anonymous (via HP's Zero Day Initiative) reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix.

Windows Vista Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=225d1ae8-c064-43f0-b35f-c4a416393ac9

Windows Vista x64 Edition Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=4373c1df-a545-486e-ace0-74c486953ae7

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=a0b51496-8d07-416f-acf2-e6fbae99e940

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=727444c6-9e53-4a79-9ac9-d84f2182c244

Windows Server 2008 for Itanium-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=759d79f1-2505-417f-bac7-ceb966441941

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=57e05985-b633-4aea-aa7a-7656df6c1ff6

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2f85511d-74eb-4992-8956-877d917f3dd5

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2966214f-ec61-4465-a15e-d1bcb0f5ffb5

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=1382fcef-b37b-43d6-88c1-58417f5dbac3

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=bb9fef78-4896-4ec6-b58c-a4ec72ce18ec

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=1f333dff-dd47-4249-962f-1ff26dc0a078

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=b81a91c0-e1ce-4fef-825c-38dcea79ec7a

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=edb7c20a-5eeb-486b-a3d9-bf806ae89711

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=a0b51496-8d07-416f-acf2-e6fbae99e940

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=727444c6-9e53-4a79-9ac9-d84f2182c244

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=2966214f-ec61-4465-a15e-d1bcb0f5ffb5

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-030

Vendor URL:  technet.microsoft.com/library/security/ms16-030 (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC