CVE-2016-0098

Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."

Published: Mar 9, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-0098
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_server_2008	r2-sp1	r2-sp1.x
microsoft / windows_7	--sp1	--sp1.x

http://www.securityfocus.com/bid/84089
http://www.securitytracker.com/id/1035200
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-027

Vulnerability Database

290,206

CVE-2016-0098