| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE ID | CVE-2016-3311 CVE-2016-3310 CVE-2016-3309 CVE-2016-3308 |
| CVSSv3 |
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] 7.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C] 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] |
| CWE ID |
CWE-119 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Windows Windows Server |
| Vulnerable software versions |
Windows Vista Windows 7 Windows 8.1 Windows RT 8.1 Windows 10 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 |
| Vendor URL | Microsoft |
Discovered vulnerabilities may allow a local user to elevate privileges on vulnerable system.
The vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
External linkshttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
The vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
External linkshttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
The vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
External linkshttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx
The vulnerability allows a local user to gain elevated privileges on vulnerable system.
The vulnerability exists due to boundary error in Win32k.sys driver when handling objects in memory. A local user can trigger buffer overflow and execute arbitrary code with SYSTEM privileges.
Successful exploitation of this vulnerability will allow a local user to gain complete access to vulnerable system.
External linkshttps://technet.microsoft.com/en-us/library/security/ms16-098.aspx