Page 6 of 54 results (0.007 seconds)

CVSS: 5.5EPSS: 48%CPEs: 19EXPL: 0

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262. Graphics Device Interface (también conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Console permite a atacantes remotos eludir el mecanismo de protección ASLR a través de vectores no especificados, vulnerabilidad también conocida como "GDI+ Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-3262. • http://www.securityfocus.com/bid/93394 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 23%CPEs: 19EXPL: 0

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." Graphics Device Interface (también conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Console permite a atacantes remotos ejecutar un código arbitrario a través de un fuente incrustada manipulada, vulnerabilidad también conocida como "GDI+ Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/93380 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 29%CPEs: 19EXPL: 1

The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability." La librería de fuente Windows en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype para Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; y Live Meeting 2007 Console permite a atacantes remotos ejecutar código arbitrario a través de una fuente embebida manipulada, también conocida como "Windows Graphics Component RCE Vulnerability". • https://www.exploit-db.com/exploits/40255 http://www.securityfocus.com/bid/92288 http://www.securitytracker.com/id/1036564 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 29%CPEs: 12EXPL: 1

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304. La librería de fuente Windows en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype para Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee y Live Meeting 2007 Console permite a atacantes remotos ejecutar código arbitrario a través de una fuente embebida, también conocida como "Windows Graphics Component RCE Vulnerability", una vulnerabilidad diferente a CVE-2016-3304. • https://www.exploit-db.com/exploits/40256 http://www.securityfocus.com/bid/92301 http://www.securitytracker.com/id/1036564 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 29%CPEs: 12EXPL: 1

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303. La librería de fuente Windows en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype para Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee y Live Meeting 2007 Console permite a atacantes remotos ejecutar código arbitrario a través de una fuente embebida, también conocida como "Windows Graphics Component RCE Vulnerability", una vulnerabilidad diferente a CVE-2016-3303. There exists a Microsoft GDI+ heap-based buffer overflow vulnerability in the handling of EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA records. • https://www.exploit-db.com/exploits/40257 http://www.securityfocus.com/bid/92302 http://www.securitytracker.com/id/1036564 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-097 • CWE-20: Improper Input Validation •