Lucene search

K
nvd[email protected]NVD:CVE-2016-7256
HistoryNov 10, 2016 - 7:00 a.m.

CVE-2016-7256

2016-11-1007:00:10
web.nvd.nist.gov
8

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.838

Percentile

98.5%

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka “Open Type Font Remote Code Execution Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_10_1507Match-
OR
microsoftwindows_10_1511Match-
OR
microsoftwindows_10_1607Match-
OR
microsoftwindows_7Match-sp1
OR
microsoftwindows_8.1Match-
OR
microsoftwindows_rt_8.1Match-
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2sp1
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016Match-
OR
microsoftwindows_vistaMatch-sp2
VendorProductVersionCPE
microsoftwindows_10_1507-cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*
microsoftwindows_10_1511-cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*
microsoftwindows_10_1607-cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
microsoftwindows_rt_8.1-cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
microsoftwindows_server_2012-cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Rows per page:
1-10 of 121

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.838

Percentile

98.5%