Office For Mac
CVE-2016-7257
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
AnalysisAI
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." Affected products include: Microsoft Office For Mac, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Vista.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Office For Mac
View allMicrosoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote a
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly valida
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly valida
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle obje
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today