CVE-2016-7257

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

13.3%

top 5.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office FOR MAC Microsoft Windows Server 2008

Timeline

PublishedDec 20

Latest updateMay 14

Description

The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/office2011, 2016+1

🔴Vulnerability Details

GHSA

GHSA-p4w9-qqg4-c6m7: The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allo↗2022-05-14

▶

CVEList

CVE-2016-7257: The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allo↗2016-12-20

▶

📋Vendor Advisories

Microsoft

Windows GDI Information Disclosure Vulnerability↗2016-12-13

▶