Back to KEVs

CVE-2016-7256

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows...

Basic Information

CVE State
PUBLISHED
Reserved Date
September 09, 2016
Published Date
November 10, 2016
Last Updated
February 10, 2025
Vendor
n/a
Product
n/a
Description
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2022-05-25 00:00:00 UTC) Source

References

https://twitter.com/da5ch0/status/820161895269277696 http://www.securitytracker.com/id/1037243 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-132 http://www.securityfocus.com/bid/94156

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-25 00:00:00 UTC