JSON View XML View

Key Value
MTID M114988
Title (MS16-120) Microsoft Windows Graphics GDI+ Information Disclosure I (3192884)
Description A vulnerability in some versions of Microsoft Windows Graphics could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows Graphics could lead to information disclosure.


The flaw occurs in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-120

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-142
- Cumulative Update for Windows 10 (KB3198585): KB3198585
- Cumulative Update for Windows 10 Version 1511 (KB3198586): KB3198586
- Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3198586): KB3198586
- Cumulative Update for Windows 10 Version 1607 (KB3200970): KB3200970
- November, 2016 Security Monthly Quality Rollup for Windows 7 (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ( (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 (KB3197877): KB3197877
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3197874): KB3197874

https://technet.microsoft.com/library/security/MS16-142

Vendor Microsoft
Attack Vector Maliciously Crafted File
Importance 5
Impact 2.8627500
Threat Score 4.96
Labels
Patch Tuesday
References
CVECVE-2016-3209
MSFTBulletinMS16-120
MSFTQNumber3192884
DISA IAVA2016-A-0278
MTIDM114988
CPEs
cpe:/a:microsoft:word_viewer:2003:sp3
cpe:/o:microsoft:windows_vista:sp2
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_7:sp1
cpe:/a:microsoft:.net_framework:3.5.1
cpe:/a:microsoft:.net_framework:3.5:sp1
cpe:/o:microsoft:windows_7::sp1:x64
cpe:/o:microsoft:windows_server_2008:sp2
cpe:/a:microsoft:silverlight:5
cpe:/a:microsoft:lync:2010
cpe:/a:microsoft:lync:2010_attendee
cpe:/a:microsoft:live_meeting_2007_console:2007
cpe:/o:microsoft:windows_server_2012
cpe:/a:microsoft:lync:2010::x64
cpe:/o:microsoft:windows_server_2008:r2:sp1
cpe:/a:microsoft:net_framework:3.0_sp2
cpe:/a:microsoft:lync_basic:2013
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/a:microsoft:office:2010:sp2
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_8.1:::x64
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_rt:8.1
cpe:/a:microsoft:lync:2013:sp1
cpe:/a:microsoft:lync:2013:sp1:x64
cpe:/a:microsoft:.net_framework:4.5.2
cpe:/a:microsoft:lync_basic:2013:sp1
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_10:::x64
cpe:/a:microsoft:.net_framework:4.6
cpe:/a:microsoft:skype_for_business:2016
cpe:/a:microsoft:skype_for_business:2016::x64
cpe:/o:microsoft:windows:10_version_1511:10_version_1511
cpe:/o:microsoft:windows:10_version_1511_x64:10_version_1511_x64
cpe:/a:microsoft:windows:10_version_1607
cpe:/a:microsoft:windows:10_version_1607::x64
Created At 2016-10-11 00:00:00 UTC
Updated At 2016-11-19 10:31:29 UTC

Back