#VU976 Privilege escalation in Microsoft products - CVE-2016-3266
Published: October 11, 2016 / Updated: February 2, 2017
Vulnerability identifier: #VU976
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-3266
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows RT
Windows Server
Software vendor:
Microsoft
Description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The weakness exists in the Win32k kernel driver of Microsoft Windows due to improper handling of objects in memory. By running a malicious program, an attacker can obtain root privileges on the affected system, which allows taking actions within an elevated security context.
Successful exploitation of the vulnerability may result in complete compromise of the vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.