CVE-2016-3302

Опубликовано: 14 сент. 2016

Источник: nvd

CVSS3: 6.3

CVSS2: 6.2

EPSS Низкий

Описание

Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."

Ссылки

http://www.securityfocus.com/bid/92853
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036799
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-112
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92853
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036799
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-112
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00832

Низкий

6.3 Medium

CVSS3

6.2 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2016-3302

CVSS3: 7

msrc

почти 9 лет назад

Windows Lock Screen Elevation of Privilege Vulnerability

GHSA-5qrj-x9xq-qc4p