Microsoft Windows Graphics Component CVE-2016-3216 Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when the Windows Graphics Component (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could use the disclosed information to bypass the ASLR security feature, which protects users from a broad class of vulnerabilities. The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code. To exploit this vulnerability, an attacker would have to convince a user to run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Graphics Component handles addresses in memory.

Affected Applications

Windows RT 8.1
Windows Vista x64 Edition Service Pack 2
Windows Server 2012
Windows 8
Windows 7
Windows 10
Windows Server 2008
Windows Vista Service Pack 2

CVE References

CVE-2016-3216