Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3231 — Windows 10 FOR 32-bit Systems vulnerability

CWE-197 documents6 sources

Severity

7.8HIGHNVD

EPSS

3.1%

top 13.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems Msrc Windows 10 Version 1511 FOR 32-bit Systems +1 more

Timeline

PublishedJun 16

Latest updateMay 14

Description

The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶msrcmsrc/windows_10_for_32-bit_systems

▶msrcmsrc/windows_10_for_x64-based_systems

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-fpx8-9h4m-f4m7: The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted applic↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)↗2016-10-17

▶

📋Vendor Advisories

Microsoft

Windows Diagnostics Hub Elevation of Privilege Vulnerability↗2016-06-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 06-14-2016↗

▶