CVE-2016-3303

EUVD-2016-4335
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftword_viewer
*
microsoftwindows_7
*
microsoftwindows_server_2008
*
microsoftwindows_vista
*
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 7
Service Pack 1 (x64, x86)
KB3178034
Windows Server 2008
Service Pack 2 (x64, x86)
KB3178034
Service Pack 2 Server Core (x64, x86)
KB3178034
Windows Server 2008 R2
Service Pack 1 (x64)
KB3178034
Service Pack 1 Server Core (x64)
KB3178034
Windows Vista
Service Pack 2
KB3178034
x64 Edition
KB3178034
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92301
http://www.securitytracker.com/id/1036564
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097
https://www.exploit-db.com/exploits/40256/
http://www.securityfocus.com/bid/92301
http://www.securitytracker.com/id/1036564
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097
https://www.exploit-db.com/exploits/40256/