5.5

CVE-2016-3209

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Framework Version3.0 Updatesp2
Microsoft.Net Framework Version3.5
Microsoft.Net Framework Version3.5.1
Microsoft.Net Framework Version4.5.2
Microsoft.Net Framework Version4.6
MicrosoftLive Meeting Version2007
MicrosoftLync Version2010
MicrosoftLync Version2010 Editionattendee
MicrosoftLync Version2013 Updatesp1
MicrosoftOffice Version2007 Updatesp3
MicrosoftOffice Version2010 Updatesp2
MicrosoftSilverlight Version5.0
MicrosoftSkype For Business Version2016
MicrosoftWord Viewer Version-
MicrosoftWindows 10 Version-
MicrosoftWindows 10 Version1511
MicrosoftWindows 10 Version1607
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1
MicrosoftWindows Vista Version- Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.45% 0.95
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.