JSON View XML View

Key Value
MTID M114991
Title (MS16-120) Microsoft Windows Graphics True Type Font Parsing Privilege Escalation (3192884)
Description A vulnerability in some versions of Microsoft Windows Graphics could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows Graphics could lead to privilege escalation.


The flaw occurs when the Windows Graphics Component improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges.
Recommendation The vendor has released an update to address this issue.

https://technet.microsoft.com/library/security/MS16-120

Superseded patch information:

The patches for the following products are superseded by patches provided in: MS16-142
- Cumulative Update for Windows 10 (KB3198585): KB3198585
- Cumulative Update for Windows 10 Version 1511 (KB3198586): KB3198586
- Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3198586): KB3198586
- Cumulative Update for Windows 10 Version 1607 (KB3200970): KB3200970
- November, 2016 Security Monthly Quality Rollup for Windows 7 (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ( (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3197874): KB3197874
- November, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3197868): KB3197868
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 (KB3197877): KB3197877
- November, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3197874): KB3197874

https://technet.microsoft.com/library/security/MS16-142

Vendor Microsoft
Attack Vector Authenticated locally logged on user with limited privileges
Importance 10
Impact 10.00084536000
Threat Score 10.0
Labels
Patch Tuesday
References
CVECVE-2016-7182
MSFTBulletinMS16-120
MSFTQNumber3192884
DISA IAVA2016-A-0278
MTIDM114991
CPEs
cpe:/a:microsoft:word_viewer:2003:sp3
cpe:/o:microsoft:windows_vista:sp2
cpe:/o:microsoft:windows_server_2008::sp2:x64
cpe:/o:microsoft:windows_vista::sp2:x64
cpe:/o:microsoft:windows_7:sp1
cpe:/o:microsoft:windows_7::sp1:x64
cpe:/o:microsoft:windows_server_2008:sp2
cpe:/a:microsoft:office:2007:sp3
cpe:/a:microsoft:lync:2010
cpe:/a:microsoft:lync:2010_attendee
cpe:/a:microsoft:live_meeting_2007_console:2007
cpe:/o:microsoft:windows_server_2012
cpe:/a:microsoft:lync:2010::x64
cpe:/o:microsoft:windows_server_2008:r2:sp1
cpe:/a:microsoft:office:2010:sp2:x64
cpe:/a:microsoft:office:2010:sp2
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_8.1:::x64
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_rt:8.1
cpe:/a:microsoft:lync:2013:sp1
cpe:/a:microsoft:lync:2013:sp1:x64
cpe:/a:microsoft:lync_basic:2013:sp1
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_10:::x64
cpe:/a:microsoft:skype_for_business:2016
cpe:/a:microsoft:skype_for_business:2016::x64
cpe:/o:microsoft:windows:10_version_1511:10_version_1511
cpe:/o:microsoft:windows:10_version_1511_x64:10_version_1511_x64
cpe:/a:microsoft:windows:10_version_1607
cpe:/a:microsoft:windows:10_version_1607::x64
cpe:/a:microsoft:lync_basic:2013_sp1_x64
Created At 2016-10-11 00:00:00 UTC
Updated At 2016-11-19 10:31:24 UTC

Back