CVE-2016-3238

HIGH

Windows Print Spooler - Remote Code Execution via Crafted Print Driver

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3238. PoCs published by pyiesone.

AI-analyzed exploit summary The repository provides a whitepaper-style description of CVE-2016-3238, a Windows Print Spooler RCE vulnerability. It lacks exploit code but includes technical details about the vulnerability's mechanism.

Description

The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."

Exploits (1)

nomisec WRITEUP
by pyiesone · poc
https://github.com/pyiesone/CVE-2016-3238-PoC

The repository provides a whitepaper-style description of CVE-2016-3238, a Windows Print Spooler RCE vulnerability. It lacks exploit code but includes technical details about the vulnerability's mechanism.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Windows Print Spooler
No auth needed
Prerequisites: Man-in-the-middle position during printer installation
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91609
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036277

Scores

CVSS v3 8.1
EPSS 0.1515
EPSS Percentile 94.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-254
Status published
Products (10)
microsoft/windows_10
microsoft/windows_10 1511
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_vista
Published Jul 13, 2016
Tracked Since Feb 18, 2026