Main Vulnerability Database Vulnerabilities #VU5323

#VU5323 Information disclosure in Windows and Windows Server - CVE-2016-7214

Published: November 8, 2016 / Updated: March 3, 2017

Vulnerability identifier: #VU5323

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7214

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to boundary error when handling objects by the kernel. A local attacker can run a specially crafted program, trigger memory corruption, gain access to important data allowing to bypass Kernel Address Space Layout Randomization (ASLR).

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-135

#VU5323 Information disclosure in Windows and Windows Server - CVE-2016-7214

Description

Remediation

External links

Please verify you're human