GDI Information Disclosure in Microsoft Windows and Office Products
CVE-2016-7257

6.5MEDIUM

Key Information:

Vendor

Microsoft
Status
Office For Mac
Windows 7
Windows Server 2008
Windows Vista
Vendor
CVE Published:
20 December 2016

What is CVE-2016-7257?

The GDI component in various Microsoft Windows and Office products contains a vulnerability that allows remote attackers to access sensitive information from process memory. By exploiting this weakness via malicious web pages, an attacker could potentially retrieve critical data, impacting user privacy and system confidentiality. It is crucial for users of affected products to apply the necessary updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securitytracker.com/id/1037438
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94755
vdb-entryx_refsource_BID

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.