Information disclosure in Microsoft products - CVE-2016-0073
Published: October 13, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU968
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-0073
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Windows
Windows RT
Windows Server
Windows
Windows RT
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to obtain potentially sensitive information on the target system.
The weakness is due to improper access comtrol by a Windows kernel API on an affected system when handling access to sensitive registry informatio. By executing a specially crafted application attackers can gain access to sensitive registry information that can be used for further attacks.
Successful exploitation of the vulnerability leads to disclosure of potentially sensitive data on the vulnerable system.
The weakness is due to improper access comtrol by a Windows kernel API on an affected system when handling access to sensitive registry informatio. By executing a specially crafted application attackers can gain access to sensitive registry information that can be used for further attacks.
Successful exploitation of the vulnerability leads to disclosure of potentially sensitive data on the vulnerable system.
How to mitigate CVE-2016-0073
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.