CVE-2016-3263

MEDIUM

Microsoft Windows and Office Products - ASLR Bypass via GDI+ Information Disclosure

Title source: llm
STIX 2.1

Description

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036988
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93394

Scores

CVSS v3 5.5
EPSS 0.3198
EPSS Percentile 98.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (18)
microsoft/live_meeting 2007
microsoft/lync 2010 (2 CPE variants)
microsoft/lync 2013 sp1
microsoft/office 2007 sp3
microsoft/office 2010 sp2
microsoft/skype_for_business 2016
microsoft/windows_10
microsoft/windows_10 1511
microsoft/windows_10 1607
microsoft/windows_7
... and 8 more
Published Oct 14, 2016
Tracked Since Feb 18, 2026