CVE-2016-0179 — Improper Access Control in Microsoft Windows 10

CWE-284 — Improper Access Control7 documents5 sources

Severity

7.8HIGHNVD

EPSS

19.2%

top 4.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012 Msrc Windows 10 FOR 32-bit Systems +7 more

Timeline

PublishedMay 11

Latest updateMay 14

Description

Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-55qq-22jq-gj9x: Windows Shell in Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Shell Remote Code Execution Vulnerability↗2016-05-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - May 2016↗2016-05-10

▶

Talos

Microsoft Patch Tuesday - May 2016↗2016-05-10

▶

💬Community

Bugzilla

CVE-2016-4333 hdf5: H5T_COMPOUND heap buffer overflow↗2016-11-23

▶

Bugzilla

CVE-2016-2175 pdfbox: XML External Entity vulnerability↗2016-05-27

▶