CVE-2016-3312Sensitive Information Exposure in Microsoft Windows 10

CWE-200Sensitive Information Exposure8 documents7 sources
Severity
9.1CRITICALNVD
OSV5.0
EPSS
14.3%
top 5.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Windows 10Msrc Windows 10 FOR 32-bit SystemsMsrc Windows 10 FOR X64-based Systems+2 more
Timeline
PublishedAug 9
Latest updateMay 14

Description

ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages5 packages

🔴Vulnerability Details

2
GHSA
GHSA-9hf5-6fmh-h37q: ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain2022-05-14
OSV
linux-lts-xenial vulnerabilities2017-06-07

📋Vendor Advisories

2
Red Hat
mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)2017-01-17
Microsoft
Universal Outlook Information Disclosure Vulnerability2016-08-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - August 20162016-08-09
Talos
Microsoft Patch Tuesday - August 20162016-08-09