Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Microsoft Windows server 2008 R2 Sp1 ~~~~itanium~ (not an official CPE)
Microsoft Windows Server 2008 Service Pack 2
Microsoft Windows RT 8.1
Microsoft Windows 8.1 - (not an official CPE)
Microsoft Windows 7 - Sp1 (not an official CPE)
Microsoft Windows 10 1703 (not an official CPE)
Microsoft Windows 10 1607 (not an official CPE)
Microsoft Windows 10 1511 (not an official CPE)
Microsoft Windows 10 - (not an official CPE)
Microsoft Windows server 2008 R2 Sp1 ~~~~x64~ (not an official CPE)
Microsoft Windows Server 2012
Microsoft Windows server 2012 R2 (not an official CPE)
Microsoft Windows server 2016 - (not an official CPE)
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidanc... | |||
| 1038680 | |||
| 98933 |
Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)
Related CAPEC 11
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Overflow Buffers (CAPEC-ID 100)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
MIME Conversion (CAPEC-ID 42)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Buffer Overflow in an API Call (CAPEC-ID 8)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)