Arbitrary code execution - CVE-2016-3341
Published: October 14, 2016
Vulnerability identifier: #VU988
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3341
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness exists due to object memory handling error in the Windows Transaction Manager caused by running a specially crafted application and allowing attackers to execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
The weakness exists due to object memory handling error in the Windows Transaction Manager caused by running a specially crafted application and allowing attackers to execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.