Vulnerabilities Weekly Summary Ending February 12
By Jerry Adams on February 16, 2016
Microsoft released their security bulletin for February. Everything from Windows local privilege-escalation exploits to Office remote memory-corruption vulnerability to SharePoint Cross Site Scripting vulnerabilities were fixed in these patches.
Below are a list of vulnerabilities that Symantec has labeled the risk as “High”:
- CVE-2016-0061 – Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability
- CVE-2016-0084 – Microsoft Edge Remote Memory Corruption Vulnerability
- CVE-2016-0038 – Microsoft Windows Journal Memory Corruption Vulnerability
- CVE-2016-0058 – Microsoft Windows PDF Library Buffer Overflow Vulnerability
- CVE-2016-0053 – Microsoft Office Memory Corruption Vulnerability
- CVE-2016-0064 – Microsoft Internet Explorer Remote Memory Corruption Vulnerability
- CVE-2016-0067 – Microsoft Internet Explorer Remote Memory Corruption Vulnerability
- CVE-2016-0072 – Microsoft Internet Explorer Remote Memory Corruption Vulnerability
- CVE-2016-0046 – Microsoft Windows Reader Remote Code Execution Vulnerability
- CVE-2016-0062 – Microsoft Internet Explorer and Edge Remote Memory Corruption Vulnerability
- CVE-2016-0060 – Microsoft Internet Explorer Remote Memory Corruption Vulnerability
- CVE-2016-0063 – Microsoft Internet Explorer Remote Memory Corruption Vulnerability
Two vulnerabilities were also found in Apple’s products. OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond. And iOS versions 9.1, 9.2, and 9.2.1 suffer from a pass code bypass application loop vulnerability.
There were also several updates to some previously published vulnerabilities in the Linux Kernel. Below are the list of vulnerabilities:
- CVE-2015-7990 – Linux Kernel Incomplete Fix Null Pointer Deference Denial of Service Vulnerability
- CVE-2015-8374 – Linux Kernel ‘btrfs/inode.c’ Information Disclosure Vulnerability
- CVE-2013-7446 – Linux kernel Use After Free Denial of Service Vulnerability
Lastly a vulnerability, CVE-2016-1287 was discovered in Cisco’s Adaptive Security Appliance (ASA) Internet Key Exchange versions 1 and 2 (IKEv1 and IKEv2). The vulnerability was due to a buffer overflow. An attacker could exploit the vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Cisco quickly released an update to address this vulnerability.
References:
Cisco. (2016 Feb. 16). Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability. Retrieved from https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike on Feb. 16, 2016.
Microsoft. (2016 Feb. 16). Microsoft Security Bulletin Summary for February 2016. Retrieved from https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx on Feb. 16, 2016.
Packet Storm. (2016 Feb. 9). Operating System: Apple. Retrieved from https://rss.packetstormsecurity.com/files/os/apple/ on Feb. 16, 2016.
Security Focus. (2016 Feb. 11). Vulnerabilities. Retrieved from http://www.securityfocus.com/vulnerabilities on Feb. 16, 2016.
Symantec. (2016 Feb. 9). Vulnerabilities. Retrieved from http://www.symantec.com/security_response/landing/vulnerabilities.jsp on Feb. 16, 2016.
US-CERT. (2016 Feb. 11). Vulnerability Note VU#327976: Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability. Retrieved from http://www.kb.cert.org/vuls/id/327976 on Feb. 16, 2016.
-
CrushFTP CVE-2025-31161 Vulnerability
CrushFTP CVE-2025-31161 Vulnerability
4/11/2025 -
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
Active Exploitation of Apache Tomcat CVE-2025-24813 Vulnerability
4/4/2025 -
Next.js Middleware CVE-2025-29927 Vulnerability
Next.js Middleware CVE-2025-29927 Vulnerability
4/4/2025