BDU:2016-01342

BDU

CriticalConfirmedExploit available

Уязвимость компонента GDI операционной системы Windows связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нар…

CVSS

9.3

Critical

EPSS

0.00

Published

2016-01-01

Updated

2016-01-01

Description

Уязвимость компонента GDI операционной системы Windows связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированного документа

Affected products

Microsoft corp Windows_10_1511Microsoft corp Windows_10_rtmMicrosoft corp Windows_7 service pack 1Microsoft corp Windows_8.1Microsoft corp Windows_rt 8.1Microsoft corp Windows_server_2008Microsoft corp Windows_server_2008Microsoft corp Windows_server_2012Microsoft corp Windows_server_2012Microsoft corp Windows_vista service pack 2Microsoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft Windows

CVSS vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Timeline

2016-01-01

Published

2016-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: C

Complete

Integrity Impact

I: C

Complete

Availability Impact

A: C

Complete

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

39834

exploitdb · https://www.exploit-db.com/exploits/39834

Enterprise

Affected products

Microsoft

Windows Windows Server 2012 Windows Server 2008 Windows 8.1 Windows Rt 8.1 Windows 7 Service Pack 1 Windows Vista Service Pack 2 Windows 10 1511 Windows 10 Rtm

Product	Vendor	Status
windows_10_1511	microsoft corp	Tracked
windows_10_rtm	microsoft corp	Tracked
windows_7 service pack 1	microsoft corp	Tracked
windows_8.1	microsoft corp	Tracked
windows_rt 8.1	microsoft corp	Tracked
windows_server_2008	microsoft corp	Tracked
windows_server_2008	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_vista service pack 2	microsoft corp	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Showing first 20 of 315

Source databases

BDU

MSR

Related vulnerabilities

CVE-2016-0170

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0170@http://technet.microsoft.com/security/bulletin/MS16-055@http://www.exploit-db.com/exploits/39834/@http://technet.microsoft.com/security/bulletin/MS16-055