Main Vulnerability Database Vulnerabilities #VU5325

#VU5325 Information disclosure in Windows and Windows Server - CVE-2016-7218

Published: November 8, 2016 / Updated: March 6, 2017

Vulnerability identifier: #VU5325

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-7218

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of objects in memory by bowser.sys. A local attacker can execute a specially crafted program and gain access to important data on the affected system.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Remediation

Install update from vendor's website.

External links

https://technet.microsoft.com/en-us/library/security/ms16-135

#VU5325 Information disclosure in Windows and Windows Server - CVE-2016-7218

Description

Remediation

External links

Please verify you're human