Medium severity5.5NVD Advisory· Published Oct 14, 2016· Updated Jun 17, 2026
CVE-2016-3209
CVE-2016-3209
Description
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
33- cpe:2.3:a:microsoft:live_meeting:2007:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
- (no CPE)range: 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6
cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:silverlight:5.0:*:*:*:*:*:*:*
- (no CPE)range: 5
cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*
- (no CPE)range: 2016
cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:word_viewer:-:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- Range: 2007
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.