Main Vulnerability Database Exploits ID:381 - Exploit for Remote code execution in Windows Graphics Component in Microsoft products - CVE-2016-3303

ID:381 - Exploit for Remote code execution in Windows Graphics Component in Microsoft products - CVE-2016-3303

Published: March 18, 2020

Vulnerability identifier: #VU285

Vulnerability risk: High

CVE-ID: CVE-2016-3303

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server
Microsoft Office
Microsoft Word
Skype for Business
Microsoft Lync
Microsoft Live Meeting

Link to public exploit:

https://www.exploit-db.com/exploits/40256/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Windows font library when handling specially crafted embedded fonts. A remote attacker can create a specially crafted font and execute arbitrary code on the target system with privileges of the current user. The attacker can use a variety of software to deliver malicious font to the target system, including web browsers, emails, office documents.

Successful exploitation of this vulnerability my allow an attacker to run arbitrary code on vulnerable system.

ID:381 - Exploit for Remote code execution in Windows Graphics Component in Microsoft products - CVE-2016-3303

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human