Vulnerability Summary for the Week of November 7, 2016

Please Note:
• The vulnerabilities are categorized by their level of severity which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity |
|---|---|---|---|---|
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7857 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7858 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7859 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7860 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7861 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7862 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7863 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7864 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. | 2016-11-08 | 10.0 | CVE-2016-7865 CONFIRM |
| joomla -- joomla! | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 2016-11-04 | 7.5 | CVE-2016-8869 MISC, BID, SECTRACK, MISC, CONFIRM, CONFIRM, MISC, EXPLOIT-DB |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-0026 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3332 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3333 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3334 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3335 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3338 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3340 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3342 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184. | 2016-11-10 | 9.3 | CVE-2016-3343 MS |
| microsoft -- windows_10 | The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343. | 2016-11-10 | 9.3 | CVE-2016-7184 MS |
| microsoft -- edge | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198. | 2016-11-10 | 7.6 | CVE-2016-7195 MS, MS |