Memory Corruption in Windows - CVE-2016-7248

Detailed vulnerability description

A remote attacker can execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of objects in memory in Microsoft Video Control. A remote attacker can create a specially crafted file, trick the victim to open it and cause memory corruption.

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on vulnerable system with privileges of the current user.

How to mitigate CVE-2016-7248

Vendor has issued patches to address this vulnerability:

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows 8.1 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Sources

• https://technet.microsoft.com/library/security/MS16-131