{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-08T00:00:00", "descriptions": [{"lang": "en", "value": "atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka \"Open Type Font Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1037243", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037243"}, {"name": "94030", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94030"}, {"name": "MS16-132", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"}, {"tags": ["x_refsource_MISC"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/"}, {"name": "20161110 Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539734/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2016-7210", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka \"Open Type Font Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1037243", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037243"}, {"name": "94030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94030"}, {"name": "MS16-132", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"}, {"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/"}, {"name": "20161110 Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539734/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:46.072Z"}, "title": "CVE Program Container", "references": [{"name": "1037243", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037243"}, {"name": "94030", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94030"}, {"name": "MS16-132", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/"}, {"name": "20161110 Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/539734/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2016-7210", "datePublished": "2016-11-10T06:16:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:46.072Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka \"Open Type Font Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "atmfd.dll en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a atacantes remotos obtener informaci\u00f3n sensible de memoria de proceso a trav\u00e9s de una fuente Open Type manipulada en un sitio web, vulnerabilidad tambi\u00e9n conocida como \"Open Type Font Information Disclosure Vulnerability\"."}], "id": "CVE-2016-7210", "lastModified": "2024-11-21T02:57:42.557", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-10T06:59:24.310", "references": [{"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/539734/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94030"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1037243"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"}, {"source": "secure@microsoft.com", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539734/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}