PT-2016-1998 · Microsoft · Windows Vista+6
Published
2016-05-10
·
Updated
2018-10-12
·
CVE-2016-0182
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Windows Journal versions in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511
Description
The issue is related to insufficient access control in the Windows Journal component, allowing remote attackers to execute arbitrary code by using a specially crafted Journal file. This can affect the system, enabling the execution of arbitrary code.
Recommendations
For Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511, consider restricting access to the Journal component until a patch is available.
As a temporary workaround, avoid using the Windows Journal component to open specially crafted Journal files until the issue is resolved.
Fix
RCE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 10
Windows 7
Windows 8.1
Windows Journal
Windows Rt 8.1
Windows Vista