Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0075Sensitive Information Exposure in Microsoft Windows 10

CWE-200Sensitive Information Exposure12 documents7 sources
Severity
5.5MEDIUMNVD
NVD5.0
EPSS
6.8%
top 8.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
13
Microsoft Windows 10Microsoft Windows Server 2012Msrc Windows 10 FOR 32-bit Systems+10 more
Timeline
PublishedOct 14
Latest updateMay 14

Description

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

NVDmicrosoft/windows_101511, 1607+1

🔴Vulnerability Details

2
GHSA
GHSA-mgr3-87vc-vp89: The kernel in Microsoft Windows 82022-05-14
GHSA
GHSA-gx3r-rfxx-c7x6: The kernel in Microsoft Windows 82022-05-14

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows Kernel - 'win32k' Denial of Service (MS16-135)2016-11-09
Exploit-DB
Microsoft Windows - DeviceApi CMApi PiCMOpenDeviceKey Arbitrary Registry Key Write Privilege Escalation (MS16-124)2016-10-18

📋Vendor Advisories

1
Microsoft
Windows Kernel Local Elevation of Privilege Vulnerability2016-10-11

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - October 20162016-10-11
Talos
Microsoft Patch Tuesday - October 20162016-10-11
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016

💬Community

1
Bugzilla
CVE-2016-4383 openstack-glance: glance-manage db purge breaks image immutability expectation2017-06-29