Skip to main content
CVE-2016-3309 HIGH POC KEV PATCH THREAT Act Now

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
46.3%
Threat
5.9
CVE-2016-3301 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.6%.

RCE Microsoft Live Meeting Lync Office +9
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.6%
Threat
4.7
CVE-2016-3304 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3303 HIGH POC THREAT Act Now

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

RCE Microsoft Live Meeting Lync Office +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
53.0%
Threat
4.6
CVE-2016-3316 HIGH POC THREAT Act Now

Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.3%.

RCE Buffer Overflow Microsoft Word Word For Mac
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
50.3%
Threat
4.6
CVE-2016-3313 HIGH POC THREAT Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.3%.

RCE Buffer Overflow Microsoft Office Word For Mac +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
50.3%
Threat
4.6
CVE-2016-3288 HIGH POC THREAT Act Now

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 34.1%.

RCE Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
34.1%
Threat
4.0
CVE-2016-3237 HIGH POC PATCH THREAT Act Now

Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
24.9%
CVE-2016-3319 HIGH Act Now

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Epss exploitation probability 37.2% and no vendor patch available.

Microsoft RCE Authentication Bypass Edge Windows 10 +2
NVD
CVSS 3.0
7.0
EPSS
37.2%
CVE-2016-3318 HIGH Act Now

Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-3317 HIGH Act Now

Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Word +2
NVD
CVSS 3.0
7.8
EPSS
30.0%
CVE-2016-3322 HIGH Act Now

Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
23.9%
CVE-2016-3296 HIGH Act Now

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
23.6%
CVE-2016-3293 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
17.8%
CVE-2016-3289 HIGH Act Now

Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
17.8%
CVE-2016-3290 HIGH Act Now

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.0% and no vendor patch available.

RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.0%
CVE-2016-3308 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD GitHub
CVSS 3.0
7.8
EPSS
9.4%
CVE-2016-3300 HIGH PATCH This Week

The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Windows 8 1 Windows Rt 8 1 Windows Server 2012
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2016-3311 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2016-3310 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy