Multiple vulnerabilities in Windows Win32k.sys driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2016-3311 CVE-2016-3310 CVE-2016-3309 CVE-2016-3308 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system Windows RT Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
Discovered vulnerabilities may allow a local user to elevate privileges on vulnerable system.
1) Elevation of privilege
EUVDB-ID: #VU290
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3311
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
CPE2.3
- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Elevation of privilege
EUVDB-ID: #VU289
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3310
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
CPE2.3
- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Elevation of privilege
EUVDB-ID: #VU288
Risk: Low
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2016-3309
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
CPE2.3
- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Elevation of privilege
EUVDB-ID: #VU287
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3308
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
Vulnerable software versionsWindows: 7 - Vista
Windows Server: 2008 - 2012 R2
CPE2.3
- cpe:2.3:o:microsoft:windows:Vista:*:*:*:*:*:*:*
- Full software list in CPE2.3 format available after registration.
http://technet.microsoft.com/en-us/library/security/ms16-098.aspx
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
