CVE-2016-0099

Опубликовано: 09 мар. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Критический

Описание

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/84034
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035210
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/39574/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39719/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39809/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40107/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/84034
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035210
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/39574/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39719/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/39809/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40107/
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90969

Критический

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-fq5j-826m-h5wc

CVSS3: 7.8

github

больше 3 лет назад

BDU:2016-00694

fstec

почти 10 лет назад

Уязвимость операционной системы Windows, позволяющая нарушителю повысить свои привилегии