Exploit for #VU288 Elevation of privilege in Windows and Windows Server

Exploit for #VU288 Elevation of privilege in Windows and Windows Server

Published: 2020-03-18

Vulnerability identifier: #VU288

Vulnerability risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2016-3309

CWE-ID: CWE-119

Exploitation vector: Local

Exploits in database: 2

March 18, 2020
- CVE-2016-3309_Reloaded (Exploits for the win32kfull!bFill vulnerability on Win10 x64 RS2 using Bitmap or Palette techniques) [Github]
- Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow [Exploit-DB]

Impact: Code execution

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft