CVE-2016-7256

HIGH KEV

Windows - Remote Code Execution via Open Type Font Parsing

Title source: llm

Exploitation Summary

CVE-2016-7256 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022.

Description

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."

References (5)

Core 5

Core References

Broken Link x_refsource_misc

https://twitter.com/da5ch0/status/820161895269277696

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037243

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94156

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7256

Scores

CVSS v3 8.8

EPSS 0.5551

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-05-25

VulnCheck KEV 2016-11-08

InTheWild.io 2016-11-08

ENISA EUVD EUVD-2016-8112

Status published

Products (12)

microsoft/windows_10_1507

microsoft/windows_10_1511

microsoft/windows_10_1607

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 2 more

Published Nov 10, 2016

KEV Added May 25, 2022

Tracked Since Feb 18, 2026