Kaspersky LabKLA10883KLA10883 OSI vulnerability in Microsoft Products
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.016 Low
EPSS
Percentile
87.6%
An information disclosure vulnerability was found in Microsoft Products. Malicious users can exploit this vulnerability to obtain sensitive information.
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
Microsoft-Office-Live-Meeting-2007
CVE list
CVE-2016-3209 warning
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Silverlight 5Windows Vista Service Pack 2Windows Server 2008 Service Pack 2Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1Windows 8.1Windows Server 2012Windows Server 2012 R2Windows RT 8.1Windows 10Windows 10 1511, 1607.NET Framework versions 3.0 SP2, 3.5, 3.5.1, 4.5.2 and 4.6Office 2007 Service Pack 3Office 2010 Service Pack 2Word ViewerSkype for Business 2016Lync 2013 Service Pack 1Lync 2010Live Meeting 2007 Console
References
support.microsoft.com/kb/3188726
support.microsoft.com/kb/3188730
support.microsoft.com/kb/3188731
support.microsoft.com/kb/3188732
support.microsoft.com/kb/3188735
support.microsoft.com/kb/3188740
support.microsoft.com/kb/3188741
support.microsoft.com/kb/3188743
support.microsoft.com/kb/3189039
support.microsoft.com/kb/3189040
support.microsoft.com/kb/3189051
support.microsoft.com/kb/3189052
support.microsoft.com/kb/3192440
support.microsoft.com/kb/3192441
support.microsoft.com/kb/3193713
support.microsoft.com/kb/3194798
nvd.nist.gov/vuln/detail/CVE-2016-3209
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Lync-2010-Attendee/
threats.kaspersky.com/en/product/Microsoft-Lync/
threats.kaspersky.com/en/product/Microsoft-Office-Live-Meeting-2007/
threats.kaspersky.com/en/product/Microsoft-Office/
threats.kaspersky.com/en/product/Microsoft-Silverlight/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Vista-4/
threats.kaspersky.com/en/product/Microsoft-Word/
threats.kaspersky.com/en/product/Skype-for-Windows/
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
0.016 Low
EPSS
Percentile
87.6%