From winvulns-announcements at bigmail.bigfix.com Tue Jul 19 05:21:09 2016
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 19 Jul 2016 05:21:09 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 497
Published: Mon, 18 Jul 2016 20:20:09 GMT

New Fixlets:
============

*************************************************************** Title: Microsoft Office Memory Corruption Vulnerability - CVE-2016-3233 (MS16-070) Severity: High Fixlet ID: 87601 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A876 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3233 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
*************************************************************** Title: Microsoft Office Information Disclosure Vulnerability - CVE-2016-3234 (MS16-070) Severity: Medium Fixlet ID: 87701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A877 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3234 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." *************************************************************** Title: Microsoft Office OLE DLL Side Loading Vulnerability - CVE-2016-3235 (MS16-070) Severity: High Fixlet ID: 87901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A879 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3235 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." 
*************************************************************** Title: Windows Diagnostics Hub Elevation of Privilege Vulnerability - CVE-2016-3231 (MS16-078) Severity: High Fixlet ID: 88001 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A880 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3231 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability." *************************************************************** Title: Windows SMB Server Elevation of Privilege Vulnerability - CVE-2016-3225 (MS16-075) Severity: Medium Fixlet ID: 88101 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A881 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3225 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." 
*************************************************************** Title: Active Directory Denial of Service Vulnerability - CVE-2016-3226 (MS16-081) Severity: Medium Fixlet ID: 88202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A882 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3226 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability." *************************************************************** Title: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability - CVE-2016-3228 (MS16-076) Severity: High Fixlet ID: 88302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A883 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3228 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability." 
*************************************************************** Title: Windows Search Component Denial of Service Vulnerability - CVE-2016-3230 (MS16-082) Severity: Low Fixlet ID: 88401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A884 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3230 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability." *************************************************************** Title: Microsoft Exchange Information Disclosure Vulnerability - CVE-2016-0028 (MS16-079) Severity: Medium Fixlet ID: 88502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A885 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0028 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4130 Severity: High Fixlet ID: 88602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A886 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4130 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4124 Severity: High Fixlet ID: 88701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A887 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4124 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4126 Severity: High Fixlet ID: 88802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A888 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4126 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4133 Severity: High Fixlet ID: 89002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A890 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4133 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4138 Severity: High Fixlet ID: 89202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A892 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4138 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4123 Severity: High Fixlet ID: 89302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A893 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4123 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities - CVE-2015-6015 (MS16-079) Severity: High Fixlet ID: 89402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A894 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6015 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4137 Severity: High Fixlet ID: 89502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A895 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4137 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4131 Severity: High Fixlet ID: 89602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A896 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4131 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4135 Severity: High Fixlet ID: 89702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A897 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4135 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4125 Severity: High Fixlet ID: 89901 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A899 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4125 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4136 Severity: High Fixlet ID: 90102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A901 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4136 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4134 Severity: High Fixlet ID: 90201 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A902 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4134 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4128 Severity: High Fixlet ID: 90302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A903 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4128 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4129 Severity: High Fixlet ID: 90402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A904 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4129 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4140 Severity: High Fixlet ID: 90501 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A905 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4140 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4142 Severity: High Fixlet ID: 90602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A906 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4142 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities - CVE-2015-6013 (MS16-079) Severity: High Fixlet ID: 90702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A907 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6013 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4141 Severity: High Fixlet ID: 90802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A908 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4141 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities - CVE-2015-6014 (MS16-079) Severity: High Fixlet ID: 90902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A909 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6014 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4127 Severity: High Fixlet ID: 91002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A910 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4127 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4122 Severity: High Fixlet ID: 91102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A911 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4122 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4132 Severity: High Fixlet ID: 91202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A912 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4132 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4139 Severity: High Fixlet ID: 91302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A913 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4139 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4153 Severity: High Fixlet ID: 91401 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A914 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4153 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4145 Severity: High Fixlet ID: 91502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A915 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4145 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4146 Severity: High Fixlet ID: 91602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A916 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4146 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4147 Severity: High Fixlet ID: 91701 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A917 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4147 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4144 Severity: High Fixlet ID: 91802 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A918 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4144 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4154 Severity: High Fixlet ID: 91902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A919 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4154 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4155 Severity: High Fixlet ID: 92002 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A920 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4155 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4150 Severity: High Fixlet ID: 92102 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A921 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4150 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4149 Severity: High Fixlet ID: 92202 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A922 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4149 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4166 Severity: High Fixlet ID: 92302 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A923 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4166 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4148 Severity: High Fixlet ID: 92402 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A924 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4148 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4156 Severity: High Fixlet ID: 92502 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A925 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4156 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4151 Severity: High Fixlet ID: 92602 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A926 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4151 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. 
*************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4152 Severity: High Fixlet ID: 92702 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A927 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4152 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier - CVE-2016-4143 Severity: High Fixlet ID: 92801 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A928 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4143 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier. *************************************************************** Title: Windows Media Parsing Remote Code Execution Vulnerability - CVE-2016-0101 (MS16-027) Severity: High Fixlet ID: 92902 Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A929 Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0101 Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo Fixlet Description: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability." 
***************************************************************
Title: Silverlight Runtime Remote Code Execution Vulnerability - CVE-2016-0034 (MS16-006)
Severity: High
Fixlet ID: 93002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A930
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
***************************************************************
Title: Win32k Elevation of Privilege Vulnerability - CVE-2016-3218 (MS16-073)
Severity: Medium
Fixlet ID: 93901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A939
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3218
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.
***************************************************************
Title: Windows Virtual PCI Information Disclosure Vulnerability - CVE-2016-3232 (MS16-073)
Severity: Low
Fixlet ID: 94001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A940
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3232
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
***************************************************************
Title: Win32k Elevation of Privilege Vulnerability - CVE-2016-3221 (MS16-073)
Severity: Medium
Fixlet ID: 94101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A941
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3221
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.
***************************************************************
Title: Windows Graphics Component Information Disclosure Vulnerability - CVE-2016-3216 (MS16-074)
Severity: Medium
Fixlet ID: 94202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A942
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3216
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
***************************************************************
Title: Win32k Elevation of Privilege Vulnerability - CVE-2016-3219 (MS16-074)
Severity: Medium
Fixlet ID: 94301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A943
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3219
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
***************************************************************
Title: ATMFD.DLL Elevation of Privilege Vulnerability - CVE-2016-3220 (MS16-074)
Severity: Medium
Fixlet ID: 94402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A944
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3220
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."
***************************************************************
Title: Windows Media Parsing Remote Code Execution Vulnerability - CVE-2016-0098 (MS16-027)
Severity: High
Fixlet ID: 94501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A945
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0098
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
***************************************************************
Title: Windows OLE Memory Remote Code Execution Vulnerability - CVE-2016-0092 (MS16-030)
Severity: High
Fixlet ID: 94602
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A946
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0092
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.
***************************************************************
Title: Windows OLE Memory Remote Code Execution Vulnerability - CVE-2016-0091 (MS16-030)
Severity: Medium
Fixlet ID: 94701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A947
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0091
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.
***************************************************************
Title: Windows DLL Loading Denial of Service Vulnerability - CVE-2016-0044 (MS16-014)
Severity: Medium
Fixlet ID: 94802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A948
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
***************************************************************
Title: Windows Kerberos Security Feature Bypass - CVE-2016-0049 (MS16-014)
Severity: Low
Fixlet ID: 95902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A959
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0049
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
***************************************************************
Title: WebDAV Elevation of Privilege Vulnerability - CVE-2016-0051 (MS16-016)
Severity: High
Fixlet ID: 96001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A960
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0051
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
***************************************************************
Title: Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability - CVE-2016-0036 (MS16-017)
Severity: High
Fixlet ID: 96102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A961
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0036
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."
From winvulns-announcements at bigmail.bigfix.com Fri Jul 29 05:20:57 2016
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 29 Jul 2016 05:20:57 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 499
Published: Thu, 28 Jul 2016 20:36:27 GMT

New Fixlets:
============
***************************************************************
Title: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
Severity: High
Fixlet ID: 96302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A963
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6284
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.