Windows Remote Code Execution Vulnerability

1) Remote code execution

EUVDB-ID: #VU1163

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-7212

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to unknown error when handling images. A remote attacker can create a specially crafted image and execute arbitrary code on the target system with privileges of the current user, when malicious images is viewed.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable system with privileges of the current user.

Mitigation

Install updates from Microsoft website.

Vulnerable software versions

Windows: Vista - 10

Windows Server: 2008 - 2016 10.0.14393.10

CPE2.3

• cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:8.1_RT:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2008_R2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2012_R2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2016:10.0.14393.10:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7212

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.