9.3
CVE-2016-7256
- EPSS 59.04%
- Published 10.11.2016 07:00:10
- Last modified 12.04.2025 10:46:40
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1507 Version-
Microsoft ≫ Windows 10 1511 Version-
Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Server 2016 Version-
Microsoft ≫ Windows Vista Version- Updatesp2
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Open Type Font Remote Code Execution Vulnerability
VulnerabilityA remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 59.04% | 0.981 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|