CVE-2016-3371

MEDIUM

Microsoft Windows 10 - Information Disclosure

Title source: rule

Description

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain sensitive information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

Exploits (2)

gitlab

by 10vuln · poc

https://gitlab.com/penetration-test-learn/10vuln/OtherWinExploits

exploitdb WORKING POC VERIFIED

by Google Security Research · localwindows

https://www.exploit-db.com/exploits/40429

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036802

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92814

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40429/

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111

Scores

CVSS v3 5.5

EPSS 0.3431

EPSS Percentile 96.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (12)

n/a/n/a

microsoft/windows_10

microsoft/windows_10

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_server_2012

microsoft/windows_vista

Timeline

Published Sep 14, 2016

Tracked Since Feb 18, 2026