What is the severity of CVE-2016-3303?

CVE-2016-3303 has a critical severity rating due to its potential to allow remote code execution.

How do I fix CVE-2016-3303?

To fix CVE-2016-3303, apply the security updates provided by Microsoft for the affected software versions.

Which software is affected by CVE-2016-3303?

CVE-2016-3303 affects Microsoft Windows Vista, Windows Server 2008, Windows 7, Office 2007, Office 2010, and several versions of Microsoft Lync and Skype for Business.

What can attackers do due to CVE-2016-3303?

Attackers exploiting CVE-2016-3303 can execute arbitrary code on the affected system.

Is there a workaround for CVE-2016-3303?

While the recommended solution is to apply updates, users may limit exposure by disabling or removing vulnerable applications temporarily.

Vulnerability/
CVE-2016-3303

critical

9.3

CWE

9/8/2016

5/8/2024

CVE-2016-3303: Input Validation

First published: Tue Aug 09 2016(Updated: )

The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Live Meeting	=2007
Microsoft Lync Server	=2010
Microsoft Lync Server	=2010
Microsoft Lync Server	=2013-sp1
Microsoft Office	=2007-sp3
Microsoft Office	=2010-sp2
Microsoft Skype for Business	=2016
Microsoft Office Word Viewer
Microsoft Windows 7	=sp1
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2-sp1
Microsoft Windows Vista	=sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-3303?
CVE-2016-3303 has a critical severity rating due to its potential to allow remote code execution.
How do I fix CVE-2016-3303?
To fix CVE-2016-3303, apply the security updates provided by Microsoft for the affected software versions.
Which software is affected by CVE-2016-3303?
CVE-2016-3303 affects Microsoft Windows Vista, Windows Server 2008, Windows 7, Office 2007, Office 2010, and several versions of Microsoft Lync and Skype for Business.
What can attackers do due to CVE-2016-3303?
Attackers exploiting CVE-2016-3303 can execute arbitrary code on the affected system.
Is there a workaround for CVE-2016-3303?
While the recommended solution is to apply updates, users may limit exposure by disabling or removing vulnerable applications temporarily.

agent/references
agent/type
agent/weakness
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/microsoft live meeting
version/microsoft live meeting/2007
canonical/microsoft lync server
version/microsoft lync server/2010
version/microsoft lync server/2013-sp1
canonical/microsoft office
version/microsoft office/2007-sp3
version/microsoft office/2010-sp2
canonical/microsoft skype for business
version/microsoft skype for business/2016
canonical/microsoft office word viewer
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows server/r2-sp1
canonical/microsoft windows vista
version/microsoft windows vista/sp2