CVE-2016-1715

Опубликовано: 12 янв. 2016

Источник: nvd

CVSS3: 6.6

CVSS2: 5.5

EPSS Низкий

Описание

The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location.

Ссылки

http://www.zerodayinitiative.com/advisories/ZDI-16-007
https://kc.mcafee.com/corporate/index?page=content&id=SB10145
Patch
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-007
https://kc.mcafee.com/corporate/index?page=content&id=SB10145
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:x86:*

Одно из

cpe:2.3:a:mcafee:application_control:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:application_control:6.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00381

Низкий

6.6 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

GHSA-f9p7-4jjw-qp22