Privilege escalation in Windows and Windows Server - CVE-2016-7191
Published: October 14, 2016 / Updated: March 25, 2018
Vulnerability identifier: #VU978
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-7191
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The weakness exists due to boundary error when handling crafted input. By using an application that is designed to submit a malicious input, attacker can obtain root privileges on the affected system that allows him to execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability may result in complete vulnerable system compromise.
The weakness exists due to boundary error when handling crafted input. By using an application that is designed to submit a malicious input, attacker can obtain root privileges on the affected system that allows him to execute arbitrary code in kernel mode.
Successful exploitation of the vulnerability may result in complete vulnerable system compromise.
How to mitigate CVE-2016-7191
Install update from vendor's website.