CVE-2016-3250 — Microsoft Windows 10 vulnerability

CWE-2644 documents4 sources

Severity

7.3HIGHNVD

EPSS

2.6%

top 14.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems +3 more

Timeline

PublishedJul 13

Latest updateMay 14

Description

The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages6 packages

▶msrcmsrc/windows_server_2012

▶NVDmicrosoft/windows_101511

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/windows_10_for_32-bit_systems

🔴Vulnerability Details

GHSA

GHSA-47hv-qhm4-5v8h: The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application,↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Kernel Elevation of Privilege Vulnerability↗2016-07-12

▶

🕵️Threat Intelligence

Zscaler

Zscaler found Multiple Security Vulnerabilities | 07-12-2016↗

▶