CVE-2016-3372Windows Server 2008 FOR 32-bit Systems Service Pack 2 vulnerability

CWE-2643 documents3 sources
Severity
6.6MEDIUMNVD
EPSS
0.7%
top 28.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Msrc Windows Server 2008 FOR 32-bit Systems Service Pack 2Msrc Windows Server 2008 FOR Itanium-based Systems Service Pack 2Msrc Windows Server 2008 FOR X64-based Systems Service Pack 2+2 more
Timeline
PublishedSep 14
Latest updateMay 14

Description

The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HExploitability: 1.3 | Impact: 5.2

Affected Packages5 packages

🔴Vulnerability Details

1
GHSA
GHSA-j7gj-j445-3mj5: The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof pro2022-05-14

📋Vendor Advisories

1
Microsoft
Windows Elevation of Privilege Vulnerability2016-09-13