GDI Information Disclosure in Microsoft Windows and Office Products
CVE-2016-7257

6.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Office For Mac
Windows 7
Windows Server 2008
Windows Vista
Vendor
CVE Published:
20 December 2016

What is CVE-2016-7257?

The GDI component in various Microsoft Windows and Office products contains a vulnerability that allows remote attackers to access sensitive information from process memory. By exploiting this weakness via malicious web pages, an attacker could potentially retrieve critical data, impacting user privacy and system confidentiality. It is crucial for users of affected products to apply the necessary updates to mitigate this risk.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securitytracker.com/id/1037438
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94755
vdb-entryx_refsource_BID

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.