Remote code execution in Windows Graphics Component

Published: 2016-08-10
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2016-3304
CVE-2016-3303
CVE-2016-3301
CWE ID CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software Windows Subscribe
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting
Vendor Microsoft

Security Advisory

This security bulleting describes three remote code execution vulnerabilities in Windows font library.

1) Remote code execution in Windows Graphics Component

Severity: High

CVSSv3: 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3304

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Windows font library when handling specially crafted embedded fonts. A remote attacker can create a specially crafted font and execute arbitrary code on the target system with privileges of the current user. The attacker can use a variety of software to deliver malicious font to the target system, including web browsers, emails, office documents.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.

Vulnerable software versions

Windows: 7, Vista

Windows Server: 2008, 2008 R2

Microsoft Office: 2007, 2010

Microsoft Word: Viewer

Skype for Business: 2016

Microsoft Lync: 2010, 2013

Microsoft Live Meeting: 2007 Console

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-097.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Remote code execution in Windows Graphics Component

Severity: High

CVSSv3: 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3303

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Windows font library when handling specially crafted embedded fonts. A remote attacker can create a specially crafted font and execute arbitrary code on the target system with privileges of the current user. The attacker can use a variety of software to deliver malicious font to the target system, including web browsers, emails, office documents.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.

Vulnerable software versions

Windows: 7, Vista

Windows Server: 2008, 2008 R2

Microsoft Office: 2007, 2010

Microsoft Word: Viewer

Skype for Business: 2016

Microsoft Lync: 2010, 2013

Microsoft Live Meeting: 2007 Console

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-097.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Remote code execution in Windows Graphics Component

Severity: High

CVSSv3: 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-3301

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Windows font library when handling specially crafted embedded fonts. A remote attacker can create a specially crafted font and execute arbitrary code on the target system with privileges of the current user. The attacker can use a variety of software to deliver malicious font to the target system, including web browsers, emails, office documents, etc.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.

Vulnerable software versions

Windows: 7, 8.1, 10, RT 8.1, Vista

Windows Server: 2008, 2008 R2, 2012, 2012 R2

Microsoft Office: 2007, 2010

Microsoft Lync: 2010, 2013

Skype for Business: 2016

Microsoft Live Meeting: 2007 Console

CPE External links

https://technet.microsoft.com/en-us/library/security/ms16-097.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.