Oval Definition:oval:org.cisecurity:def:500
Revision Date:2016-06-13Version:53
Title:Graphics Memory Corruption Vulnerability – CVE-2016-0145 (MS16-039)
Description:The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2016-0145
Platform(s):Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):Microsoft .NET Framework
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Office 2007
Microsoft Office 2010
Microsoft Word Viewer
Skype for Business 2016
Definition Synopsis
  • Check for installation of vulnerable Windows OS + vulnerable file version
  • Microsoft Windows Vista/Server 2008 + file version
  • Microsoft Windows Vista/Server 2008 is installed
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Check for file versions
  • Check for win32k.sys version
  • Check if win32k.sys version is less than 6.0.6002.19626
  • OR Check for gdiplus.dll version
  • OR Microsoft Windows 7/Server 2008 R2 + file version
  • Microsoft Windows 7/Server 2008 R2 is installed
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND Check for file versions
  • Check if win32k.sys version is less than 6.1.7601.23407
  • OR Check for file version
  • Check if gdiplus.dll version is less than 5.2.7601.23407
  • OR Microsoft Windows 8.1/Server 2012 R2 + file version
  • Microsoft Windows 8.1/Server 2012 R2 is installed
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if win32k.sys version is less than 6.3.9600.18290
  • OR Microsoft Windows Server 2012 + file version
  • Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check if win32k.sys version is less than 6.2.9200.21824
  • OR Microsoft Windows 10 + file version
  • Microsoft Windows 10 is installed
  • Microsoft Windows 10 (32-bit) is installed
  • OR Microsoft Windows 10 (64-bit) is installed
  • AND Check for file versions
  • Check if win32k.sys version is less than 10.0.10240.16384
  • OR Check if gdiplus.dll version is less than 10.0.10240.16603
  • OR Microsoft Windows 10 Version 1511 + file version
  • Microsoft Windows 10 Version 1511 is installed
  • Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND Check for file versions
  • Check if win32k.sys version is less than 10.0.10586.20
  • OR Check if gdiplus.dll version is less than 10.0.10586.20
  • OR Check for installation of vulnerable Microsoft Office + vulnerable file version
  • Microsoft Office 2007 SP3 + file version
  • Microsoft Office 2007 SP3 is installed
  • AND Check if ogl.dll version is less than 12.0.6746.5000
  • OR Microsoft Office 2010 SP2 + file version
  • Microsoft Office 2010 SP2 x86/x64
  • Microsoft Office 2010 SP2 x86 is installed
  • OR Microsoft Office 2010 SP2 x64 is installed
  • AND Check if ogl.dll version is less than 14.0.7168.5000
  • OR Microsoft Microsoft Word Viewer + file version
  • Microsoft Word Viewer is installed
  • AND Check if gdiplus.dll version is less than 11.0.8426
  • OR Check for installation of vulnerable Windows OS + vulnerable .NET Framework + file version
  • Microsoft Windows Vista/Server 2008 + .NET Framework 3.0 + file version
  • Microsoft Windows Vista/Server 2008 is installed
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft .NET Framework 3.0 SP2 is installed
  • AND Check for file version
  • Check if presentationcore.dll version is less than 3.0.6920.4235
  • OR Check for Limited Distribution Release (LDR) file version
  • Check if presentationcore.dll version is greater than or equal to 3.0.6920.8000
  • AND Check if presentationcore.dll version is less than 3.0.6920.8712
  • OR Microsoft Windows 7/Server 2008 R2/8.1/Server 2012 R2/Server 2012/10 + vulnerable .NET Framework 3.5.1/3.5 + file version
  • Microsoft Windows 7/Server 2008 R2/8.1/Server 2012 R2/Server 2012/10 is installed
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • OR Microsoft Windows 10 (32-bit) is installed
  • OR Microsoft Windows 10 (64-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • AND Microsoft .NET Framework 3.5 SP1 is installed
  • AND Check if presentationcore.dll version is less than 3.0.6920.8712
  • OR Check for installation of vulnerable Skype\Lync + file version
  • Skype for Business 2016/Basic + file version
  • Skype for Business 2016 is installed
  • AND Check if lynchtmlconv.exe version is less than 16.0.4366.1000
  • OR Microsoft Lync 2013/Basic + file version
  • Microsoft Lync 2013 is installed
  • Microsoft Lync 2013 is installed
  • AND Check if lynchtmlconv.exe version is less than 15.0.4815.1000
  • OR Microsoft Lync Basic 2013 is installed
  • Microsoft Lync Basic 2013 SP1 is installed
  • AND Check if lynchtmlconv.exe version is less than 15.0.4815.1000
  • OR Microsoft Lync 2010/Attendee + file version
  • Microsoft Lync 2010 is installed
  • Microsoft Lync 2010 is installed
  • AND Check if ogl.dll version is less than 4.0.7577.4498
  • OR Microsoft Lync 2010 Attendee (admin level install) is installed
  • Microsoft Lync 2010 Attendee (admin level install) is installed
  • AND Check if ogl.dll version is less than 4.0.7577.4498
  • OR Microsoft Lync 2010 Attendee (user level install) is installed
  • Microsoft Lync 2010 Attendee (user level install) is installed
  • AND Check if ogl.dll version is less than 4.0.7577.4498
  • OR Microsoft Live Meeting 2007 Console + file version
  • Microsoft Live Meeting 2007 Console is installed
  • AND Check if ogl.dll version is less than 12.0.6746.5000
    • BACK