CVE-2016-0120

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows 7 SP1 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold and R2 Microsoft Windows RT 8.1 Microsoft Windows 10 Gold and 1511

Description The issue is related to the improper handling of specially crafted OpenType fonts by the Adobe Type Manager Library in Microsoft Windows, allowing remote attackers to cause a denial of service condition, such as a system hang. The vulnerability exists due to insufficient input validation. For systems except Windows 10, successful exploitation could cause a denial of service condition, while for Windows 10 systems, it could potentially cause the application to stop responding.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that includes the fix for this issue. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a newer version that includes the fix for this issue. For Microsoft Windows 7 SP1, update to a newer version that includes the fix for this issue. For Microsoft Windows 8.1, update to a newer version that includes the fix for this issue. For Microsoft Windows Server 2012 Gold and R2, update to a newer version that includes the fix for this issue. For Microsoft Windows RT 8.1, update to a newer version that includes the fix for this issue. For Microsoft Windows 10 Gold and 1511, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting the use of specially crafted OpenType fonts until a patch is available.