CVE-2016-3299

MEDIUM

Microsoft Windows 10 - Improper Access Control

Title source: rule

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability."

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92387

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077

Scores

CVSS v3 5.3

EPSS 0.0734

EPSS Percentile 91.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-284

Status draft

Affected Products (11)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_vista

Timeline

Published Aug 09, 2016

Tracked Since Feb 18, 2026