CVE-2016-3369
published 2016-09-14CVE-2016-3369: Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
PriorityP337high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
12.20%
95.7th percentile
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_msrc5.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-63gw-hff3-vv3w: Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability
ghsa_unreviewed·2022-05-14
CVE-2016-3369 [HIGH] CWE-119 GHSA-63gw-hff3-vv3w: Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
Microsoft
Windows IPSec Denial of Service Vulnerability
vendor_msrc·2016-09-13·CVSS 5.7
CVE-2016-3369 [HIGH] Windows IPSec Denial of Service Vulnerability
Windows IPSec Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources.
The security update addresses the vulnerability by correcting how Windows handles objects in memory.
Microsoft Windows: Microsoft Windows
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older So
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Windows 10 Remote Denial of Service
blogs_talos·2016-11-02·CVSS 7.5
CVE-2016-3369 [HIGH] Vulnerability Spotlight: Windows 10 Remote Denial of Service
## Vulnerability Spotlight: Windows 10 Remote Denial of Service
Vulnerability discovered by Piotr Bania of Cisco Talos.
## Overview
Talos is releasing an advisory for a remote denial of service attack vulnerability in Microsoft Windows 10 AHCACHE.SYS ( TALOS-2016-0191 / CVE-2016-3369 )
An attacker can craft a malicious portable executable file, which if accessed causes AHCACHE.SYS to attempt to access out of scope memory. This triggers a bugcheck in the Windows kernel causing the system to crash, denying service to the user. Although AHCACHE.SYS is the driver that handles local cache compatibility information, if the vulnerability is exploited the attacker is unable to execute code or elevate user privileges.
## Details
During a cache lookup, the ‘AslpFileQueryVersionString’ function
Talos
Vulnerability Spotlight: Windows 10 Remote Denial of Service
blogs_talos·2016-11-02·CVSS 7.5
CVE-2016-3369 [HIGH] Vulnerability Spotlight: Windows 10 Remote Denial of Service
Vulnerability discovered by Piotr Bania of Cisco Talos.
## Overview
Talos is releasing an advisory for a remote denial of service attack vulnerability in Microsoft Windows 10 AHCACHE.SYS (TALOS-2016-0191 / CVE-2016-3369)
An attacker can craft a malicious portable executable file, which if accessed causes AHCACHE.SYS to attempt to access out of scope memory. This triggers a bugcheck in the Windows kernel causing the system to crash, denying service to the user. Although AHCACHE.SYS is the driver that handles local cache compatibility information, if the vulnerability is exploited the attacker is unable to execute code or elevate user privileges.
## Details
During a cache lookup, the ‘AslpFileQueryVersionString’ function is called along with other functions. This function reads the valu
http://www.securityfocus.com/bid/92850http://www.securitytracker.com/id/1036798https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110http://www.securityfocus.com/bid/92850http://www.securitytracker.com/id/1036798https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-110
2016-09-14
Published