CVE-2016-3393

CVSS 7.8 HIGHEPSS 68.7%● KEV

In short

A flaw in Windows graphics software (GDI/GDI+) allows attackers to run malicious code on your computer when you visit a specially crafted website. This is dangerous because it bypasses your browser's protections and executes code directly on your system.

Technical detail

Remote code execution vulnerability in GDI/GDI+ component affecting multiple Windows versions. Attack vector is web-based (crafted website), requiring user interaction to visit the malicious site. Successful exploitation grants arbitrary code execution with the privileges of the logged-in user.

Summary generated and translated by AI from the official description.

Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3393 http://www.securityfocus.com/bid/93377 http://www.securitytracker.com/id/1036988