CVE-2016-0038

Name of the Vulnerable Software and Affected Versions Windows Journal versions in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511

Description The issue is caused by a buffer overflow in the Windows Journal component, allowing remote attackers to execute arbitrary code via a crafted Journal file. This could enable an attacker to take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights, especially if the user is logged on with administrative user rights. Users with fewer user rights on the system could be less impacted.

Recommendations For Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511, update the Windows Journal component to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.