Remote Code Execution Vulnerability in Microsoft Windows Products
CVE-2016-3396
7.8 HIGH
Key Information:
- Vendor: Microsoft
- CVE Published: 14 October 2016
Summary
The Graphics Device Interface (GDI+) in various Microsoft Windows platforms contains a vulnerability that allows remote attackers to execute arbitrary code. This issue arises when the system processes a specially crafted embedded font, leading to potential unauthorized access and control over affected systems. Organizations using the impacted Windows versions are strongly advised to apply the latest security updates to mitigate risks associated with this vulnerability.
EPSS Score
34% chance of being exploited in the next 30 days.
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved