CVE-2016-0151

Опубликовано: 12 апр. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

Ссылки

http://www.securitytracker.com/id/1035544
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/39740/
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1035544
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/39740/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.59189

Средний

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

CWE-269

Связанные уязвимости

CVE-2016-0151

msrc

около 9 лет назад

Windows CSRSS Security Feature Bypass Vulnerability

GHSA-m2mf-9mv6-9g77