GDI32.dll ASLR Bypass Vulnerability in Microsoft Windows Products
CVE-2016-0008

4.3MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Server 2008
Windows Server 2012
Windows Rt
Windows 8.1
Vendor
CVE Published:
13 January 2016

Summary

The vulnerability in Microsoft's graphics device interface allows remote attackers to circumvent the Address Space Layout Randomization (ASLR) protection mechanism in various Windows operating systems. Exploiting this vulnerability can lead to unauthorized remote access and may facilitate further attacks on the system. This issue affects multiple Windows versions, emphasizing the need for users to apply the necessary security updates.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
https://www.verisign.com/en_US/security-services/security...
third-party-advisoryx_refsource_IDEFENSE
http://www.securitytracker.com/id/1034654
vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.