Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The remote Windows host is missing KB3209498. It is, therefore, affected by multiple vulnerabilities :
- Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892)
- Multiple buffer overflow conditions exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870)
- Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876)
- An unspecified security bypass vulnerability exists.
(CVE-2016-7890)
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016.