Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2016-0145
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability.".
CVSSv2.0 Score
- Severity
- High
- Base Score
- 9.3/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 10/10
- Confidentiality Impact
- Complete
- Availability Impact
- Complete
- Integrity Impact
- Complete
CVSSv3.1 Score
- Severity
- High
- Base Score
- 8.8/10
- Exploit Score
- 2.8/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- None
- Impact Score
- 5.9/10
- Confidentiality Impact
- High
- Availability Impact
- High
- Integrity Impact
- High
- Scope
- Unchanged
- User Interaction
- Required
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.securitytracker.com/id/1035532
- http://www.securitytracker.com/id/1035528
- http://www.securitytracker.com/id/1035531
- http://www.securitytracker.com/id/1035529
- http://www.securitytracker.com/id/1035530
- https://www.exploit-db.com/exploits/39743/
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039