Executive Summary

Title Security Update for Microsoft XML Core Services (3148541)
Name MS16-040 First vendor Publication 2016-04-12
Vendor Microsoft Last vendor Modification 2016-04-12
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Severity Rating: Critical
Revision Note: V1.0 (April 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user?s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS16-040

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Application 1

Snort® IPS/IDS

Date Description
2016-05-12 Microsoft XML Core Services ActiveX control use after free attempt
RuleID : 38464 - Revision : 2 - Type : BROWSER-PLUGINS
2016-05-12 Microsoft XML Core Services ActiveX control use after free attempt
RuleID : 38463 - Revision : 2 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2016-04-12 Name : The remote host is affected by a remote code execution vulnerability.
File : smb_nt_ms16-040.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2018-10-13 05:21:39
  • Multiple Updates
2016-04-14 21:30:10
  • Multiple Updates
2016-04-13 13:20:42
  • Multiple Updates
2016-04-13 05:28:06
  • Multiple Updates
2016-04-12 21:16:25
  • First insertion