CVE-2016-3209

CVE-2016-3209 affects Microsoft GDI+ across Windows Vista/7/8.1/Server 2008-2012 and various Office/.NET components, enabling information disclosure by bypassing ASLR through unspecified vectors. Connected sources confirm exploitation activity (e.g., Exploit DB). Public references note MS16-120 a...

Microsoft .NET Framework Information Disclosure Vulnerability (3192884)

This host is missing an important security update according to Microsoft Bulletin MS16-120. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

MS16-120: Security Update for Microsoft Graphics Component (3192884)

The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple information disclosure vulnerabilities exist in the Windows GDI component due to improper handling of objects in memory. A local attacker can exploit these vulnerabilities, vi...

KLA10884 Code execution vulnerability in Microsoft Office

An improper RTF handling was found in Microsoft Office. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed file. Original advisories CVE-2016-3263 CVE-2016-3209 CVE-2016-3262 CVE-2016-7182 CVE-2016-339...

Microsoft Windows True Type Font Parsing Information Disclosure (MS16-120: CVE-2016-3209)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the True Type Font TTF driver handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted EMF fil...