Key Value
MTID M113536
Title (MS16-097) Microsoft Windows Graphics Component Remote Code Execution I (3177393)
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw occurs when the Windows font library improperly handles specially crafted embedded fonts. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-097

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-120
- Cumulative Update for Windows 10 (KB3192440): KB3192440
- Cumulative Update for Windows 10 Version 1511 (KB3192441): KB3192441
- Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3192441): KB3192441
- Cumulative Update for Windows 10 Version 1607 (KB3194798): KB3194798
- Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3194798): KB3194798
- Cumulative Update for Windows Server 2016 for x64-based Systems (KB3194798): KB3194798
- Microsoft Lync 2010 Attendee - Administrator level installation: KB3188400
- Microsoft Lync 2010 X64: KB3188397
- Microsoft Lync 2010 X86: KB3188397
- Microsoft Office 2007 suites: KB3118301
- Microsoft Office 2010 32-Bit Edition: KB3118317
- Microsoft Office 2010 64-Bit Edition: KB3118317
- Skype for Business 2015 32-Bit Edition: KB3118348
- Skype for Business 2015 64-Bit Edition: KB3118348
- Skype for Business 2016 32-Bit Edition: KB3118327
- Skype for Business 2016 64-Bit Edition: KB3118327
- Microsoft Windows Server 2008: KB3191203
- Microsoft Windows Server 2008 x64 Edition: KB3191203
- Microsoft Windows Vista: KB3191203
- Microsoft Windows Vista for x64-based Systems: KB3191203

The patches for the following products are superseded by patches provided in: MS16-142
- November, 2016 Security Monthly Quality Rollup for Windows 7 (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 (KB3197877): KB3197877
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3197874): KB3197874

https://technet.microsoft.com/library/security/MS16-120
https://technet.microsoft.com/library/security/MS16-142

Vendor Microsoft
Attack Vector Website with malicious content
Importance 9
Impact 10.00084536000
Threat Score 9.33
Labels
Patch Tuesday
References
CVE CVE-2016-3301
MSFTBulletin MS16-097
MSFTQNumber 3177393
DISA IAVA 2016-A-0205
MTID M113536
CPEs
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium
cpe:/o:microsoft:windows_vista::sp2
cpe:/o:microsoft:windows_7::sp1:x64
cpe:/o:microsoft:windows_server_2008:r2:sp1:x64
cpe:/a:microsoft:office:2007:sp3
cpe:/o:microsoft:windows_server_2008:-:sp2:itanium
cpe:/o:microsoft:windows_7::sp1:x86
cpe:/o:microsoft:windows_server_2008:-:sp2:x86
cpe:/o:microsoft:windows_server_2012
cpe:/a:microsoft:word_viewer
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_8.1:::x64
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_rt:8.1
cpe:/a:microsoft:office:2010:sp2:x86
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_10:::x64
cpe:/a:microsoft:skype_for_business:2016
cpe:/a:microsoft:skype_for_business:2016::x64
cpe:/o:microsoft:windows:10_version_1511:10_version_1511
cpe:/o:microsoft:windows:10_version_1511_x64:10_version_1511_x64
cpe:/a:microsoft:windows:10_version_1607
cpe:/a:microsoft:windows:10_version_1607::x64
Created At 2016-08-09 00:00:00 UTC
Updated At 2016-11-19 10:30:58 UTC