Main
Vulnerability Database
Exploits
ID:427 - Exploit for Information disclosure in Microsoft products - CVE-2016-3209
ID:427 - Exploit for Information disclosure in Microsoft products - CVE-2016-3209
Published: March 18, 2020
Vulnerability identifier: #VU959
Vulnerability risk: Low
CVE-ID: CVE-2016-3209
CWE-ID: CWE-401
Exploitation vector: Local access
Vulnerable software:
Microsoft .NET Framework
Microsoft Office
Microsoft Silverlight
Windows
Windows Server
Microsoft Lync
Lync Attendee
Microsoft Live Meeting
Microsoft .NET Framework
Microsoft Office
Microsoft Silverlight
Windows
Windows Server
Microsoft Lync
Lync Attendee
Microsoft Live Meeting
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to boundary error in the Graphics Device Interface (GDI) component. A local attacker can execute a specially crafted program on the affected system, get information about system memory state, bypass Address Space Layout Randomization (ASLR) and conduct further attacks.
Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.
The weakness exists due to boundary error in the Graphics Device Interface (GDI) component. A local attacker can execute a specially crafted program on the affected system, get information about system memory state, bypass Address Space Layout Randomization (ASLR) and conduct further attacks.
Successful exploitation of the vulnerability will result in information disclosure on the vulnerable system.
Remediation
Install update fron vendor's website.