Zero-day vulnerability in Windows

Arbitrary code execution
CVE-2016-3393

The vulnerability has been used by an APT group Kaspersky Lab call FruityArmor. Victims have been identified in Thailand, Iran, Algeria, Yemen, Saudi Arabia and Sweden.

Vulnerability details

Advisory: SB2016101102 - Multiple vulnerabilities in Microsoft Windows

Vulnerable component: Windows

CVE-ID: CVE-2016-3393

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Graphics Device Interface (GDI) component. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Latest references in media:

- Microsoft Patches Zero-Day Under Active Attack by APT [2018-10-10 11:40:08]

- Microsoft October 2018 Patch Tuesday fixes zero-day exploited by FruityArmor APT | ZDNet [2018-10-09 22:00:18]

- Patch Tuesday of December 2016: Microsoft Releases 12 Bulletins, Six Critical [2016-12-14 10:30:13]

- Fruity hacking group juiced by Microsoft's October patch parade [2016-10-21 07:40:01]

- FruityArmor APT exploited Windows Zero-Day flaws in attacks in the wild [2016-10-20 19:33:27]

- FruityArmor APT Group Used Recently Patched Windows Zero Day [2016-10-20 13:32:59]

- FruityArmor APT Group Used Windows Zero Day to Escape Sandboxes [2016-10-20 13:03:54]

- Windows Zero-Day Exploited by "FruityArmor" APT Group [2016-10-20 11:43:17]

- Microsoft has released its monthly Patch Tuesday update including patches for 5 Zero-Day Vulnerabilities that are being Exploited in the Wild [2016-10-18 23:58:47]

- Patch Tuesday fixes four Microsoft zero-day flaws exploited in the wild [2016-10-12 11:41:55]

- Microsoft Patches 4 Vulnerabilities Exploited in the Wild [2016-10-12 11:01:50]

- Microsoft has released its monthly Patch Tuesday update including patches for 5 Zero-Day Vulnerabilities that are being Exploited in the Wild [2016-10-12 09:47:37]

- October Patch Tuesday: Changes, urgent updates and what’s coming next [2016-10-12 08:32:23]

- Microsoft Patches Five Zero Days Under Attack [2016-10-11 21:21:33]

- Microsoft released 10 patches, 6 rated critical, 5 fixed zero-day flaws [2016-10-11 21:07:25]

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.