Main Vulnerability Database SB2016110813

SB2016110813 - Windows Bowser.sys Information Disclosure Vulnerabilty

Published: November 8, 2016

Security Bulletin ID SB2016110813

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2016-7218)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of objects in memory by bowser.sys. A local attacker can execute a specially crafted program and gain access to important data on the affected system.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-7218