CVE-2016-0170

Description

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."

Related CPE's

omicrosoftwindows_rt_8.1********

omicrosoftwindows_server_2012r2*******

omicrosoftwindows_7*sp1******

omicrosoftwindows_7-sp1x86*****

omicrosoftwindows_101511*******

omicrosoftwindows_8.1********

omicrosoftwindows_server_2008r2sp1******

omicrosoftwindows_vista*sp2******

omicrosoftwindows_server_2012********

omicrosoftwindows_10********

References

89864

1035823

http://packetstormsecurity.com/files/137096/Microsoft-Windows-gdi32.dll-ExtEscape-Buffer-Overflow.html

MS16-055

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

8.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

REQUIRED

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io