CVE-2016-3301 Microsoft Graphics Component Remote Code Execution Vulnerabilities (MS16-097)漏洞银行丨0day Bank

2016年8月10日 3868点热度 0人点赞 0条评论

漏洞信息

The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.

This security update is rated Critical for:
- All supported releases of Microsoft Windows.
- Affected editions of Microsoft Office 2007 and Microsoft Office 2010.
- Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010

漏洞危害

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

解决方案

Refer to MS16-097 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

MS16-097: Windows Vista Service Pack 2

MS16-097: Windows Vista x64 Edition Service Pack 2

MS16-097: Windows Server 2008 for 32-bit Systems Service Pack 2

MS16-097: Windows Server 2008 for x64-based Systems Service Pack 2

MS16-097: Windows Server 2008 for Itanium-based Systems Service Pack 2

MS16-097: Windows 7 for 32-bit Systems Service Pack 1

MS16-097: Windows 7 for x64-based Systems Service Pack 1

MS16-097: Windows Server 2008 R2 for x64-based Systems Service Pack 1

MS16-097: Windows Server 2008 R2 for Itanium-based Systems Service Pack 1