The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2016-0166 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0165 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-0143 and CVE-2016-0167. | HIGH | Apr 12, 2016 |
| CVE-2016-0164 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0163 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-0162 | Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka Internet Explorer Information Disclosure Vulnerability. | MEDIUM | Apr 12, 2016 |
| CVE-2016-0161 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka Microsoft Edge Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-0158. | MEDIUM | Apr 12, 2016 |
| CVE-2016-0160 | Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka DLL Loading Remote Code Execution Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0159 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Internet Explorer Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0158 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka Microsoft Edge Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-0161. | MEDIUM | Apr 12, 2016 |
| CVE-2016-0157 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0155 and CVE-2016-0156. | HIGH | Apr 12, 2016 |
| CVE-2016-0156 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0155 and CVE-2016-0157. | HIGH | Apr 12, 2016 |
| CVE-2016-0155 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0156 and CVE-2016-0157. | HIGH | Apr 12, 2016 |
| CVE-2016-0154 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Browser Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0153 | OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka Windows OLE Remote Code Execution Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0152 | Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka Windows DLL Loading Remote Code Execution Vulnerability. | HIGH | May 11, 2016 |
| CVE-2016-0151 | The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka Windows CSRSS Security Feature Bypass Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0150 | HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka HTTP.sys Denial of Service Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0149 | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka TLS/SSL Information Disclosure Vulnerability. | MEDIUM | May 13, 2016 |
| CVE-2016-0148 | Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka .NET Framework Remote Code Execution Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0147 | Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka MSXML 3.0 Remote Code Execution Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0146 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-0145 | The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka Graphics Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0144 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-0143 | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-0165 and CVE-2016-0167. | HIGH | Apr 12, 2016 |
| CVE-2016-0142 | Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka Microsoft Video Control Remote Code Execution Vulnerability. | HIGH | Oct 17, 2016 |
| CVE-2016-0141 | The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka Microsoft Information Disclosure Vulnerability. | MEDIUM | Sep 14, 2016 |
| CVE-2016-0140 | Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | May 11, 2016 |
| CVE-2016-0139 | Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0138 | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka Microsoft Exchange Information Disclosure Vulnerability. | MEDIUM | Sep 14, 2016 |
| CVE-2016-0137 | The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka Microsoft APP-V ASLR Bypass. | MEDIUM | Sep 14, 2016 |
| CVE-2016-0136 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0135 | The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka Secondary Logon Elevation of Privilege Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0134 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Mar 11, 2016 |
| CVE-2016-0133 | The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka USB Mass Storage Elevation of Privilege Vulnerability. | HIGH | Mar 9, 2016 |
| CVE-2016-0132 | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka .NET XML Validation Security Feature Bypass. | HIGH | Mar 11, 2016 |
| CVE-2016-0131 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-0130 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. | HIGH | Mar 9, 2016 |
| CVE-2016-0129 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. | HIGH | Mar 9, 2016 |
| CVE-2016-0128 | The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"Windows SAM and LSAD Downgrade Vulnerability\" or \"BADLOCK.\" | MEDIUM | Sep 27, 2019 |
| CVE-2016-0127 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0126 | Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | May 11, 2016 |
| CVE-2016-0125 | Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka Microsoft Edge Information Disclosure Vulnerability. | LOW | Mar 9, 2016 |
| CVE-2016-0124 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. | HIGH | Mar 9, 2016 |
| CVE-2016-0123 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka Microsoft Edge Memory Corruption Vulnerability, a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. | HIGH | Mar 9, 2016 |
| CVE-2016-0122 | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka Microsoft Office Memory Corruption Vulnerability. | HIGH | Apr 12, 2016 |
| CVE-2016-0121 | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka OpenType Font Parsing Vulnerability. | HIGH | Mar 9, 2016 |
| CVE-2016-0120 | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka OpenType Font Parsing Vulnerability.Per Microsoft: For systems running Windows 10, an attacker who successfully exploited the vulnerability could potentially cause the application to stop responding instead of the system. | HIGH | Mar 9, 2016 |
| CVE-2016-0119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
| CVE-2016-0118 | The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka Windows Remote Code Execution Vulnerability. | HIGH | Mar 9, 2016 |
| CVE-2016-0117 | The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka Windows Remote Code Execution Vulnerability. | HIGH | Mar 11, 2016 |
