#VU1167 Information Disclosure in Windows and Windows Server - CVE-2016-7210

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU1167

#VU1167 Information Disclosure in Windows and Windows Server - CVE-2016-7210

Published: November 9, 2016 / Updated: February 3, 2017


Vulnerability identifier: #VU1167
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-7210
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Windows
Windows Server
Software vendor:
Microsoft

Description

A remote attacker can obtain potentially sensitive system information.

The vulnerability exists due to an error in ATMFD component. A remote attacker can create a specially crafted document, trick the victim to open it and obtain contents of the memory.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information.


Remediation

Vendor has issued patches to address this vulnerability:

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8.1 for 32-bit Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012

Windows Server 2012 R2

Windows Server 2012 R2

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016 for x64-based Systems (Server Core installation)


External links