Graphics Memory Corruption Vulnerability in Microsoft Windows and Office Products
CVE-2016-0145

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Live Meeting
Windows Server 2012
Lync
Office
Vendor
CVE Published:
12 April 2016

Summary

An issue has been identified in the font library of numerous Microsoft products that allows an attacker to execute arbitrary code remotely. This vulnerability arises when a crafted embedded font is processed, leading to potential exploitation which may compromise system integrity. It affects various versions of Windows and Office, highlighting the need for users to apply recommended security patches to mitigate the risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1035529
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1035530
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1035532
vdb-entryx_refsource_SECTRACK

EPSS Score

70% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.