| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE ID | CVE-2016-3311 CVE-2016-3310 CVE-2016-3309 CVE-2016-3308 |
| CWE ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system Windows RT Operating systems & Components / Operating system |
| Vendor | Microsoft |
Discovered vulnerabilities may allow a local user to elevate privileges on vulnerable system.
Risk: Low
CVSSv3: 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-3311
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7, 8.1, 10, RT 8.1, Vista
Windows Server: 2008, 2008 R2, 2012, 2012 R2
CPEhttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: Low
CVSSv3: 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-3310
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7, 8.1, 10, RT 8.1, Vista
Windows Server: 2008, 2008 R2, 2012, 2012 R2
CPEhttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Risk: Low
CVSSv3: 8.4 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-3309
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7, 8.1, 10, RT 8.1, Vista
Windows Server: 2008, 2008 R2, 2012, 2012 R2
CPEhttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
Risk: Low
CVSSv3: 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2016-3308
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7, 8.1, 10, RT 8.1, Vista
Windows Server: 2008, 2008 R2, 2012, 2012 R2
CPEhttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.