CVE-2016-7218Sensitive Information Exposure in Microsoft Windows 10

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
0.7%
top 28.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Microsoft Windows 10Microsoft Windows Server 2008Microsoft Windows Server 2012+13 more
Timeline
PublishedNov 10
Latest updateMay 14

Description

Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages15 packages

🔴Vulnerability Details

1
GHSA
GHSA-jp78-98c6-qp4m: Bowser2022-05-14

📋Vendor Advisories

1
Microsoft
Windows Bowser.sys Information Disclosure Vulnerability2016-11-08

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - November 20162016-11-08
Talos
Microsoft Patch Tuesday - November 20162016-11-08
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-08-2016