CVE-2016-7255

Опубликовано: 10 нояб. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Высокий

Описание

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Ссылки

http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
Broken Link
http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94064
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037251
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135
Patch
Vendor Advisory
https://github.com/mwrlabs/CVE-2016-7255
Exploit
Third Party Advisory
https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
Broken Link
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Third Party Advisory
https://www.exploit-db.com/exploits/40745/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/40823/
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41015/
Exploit
Third Party Advisory
VDB Entry
http://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/
Broken Link
http://packetstormsecurity.com/files/140468/Microsoft-Windows-Kernel-win32k.sys-NtSetWindowLongPtr-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/94064
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037251
Broken Link
Third Party Advisory
VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-135
Patch
Vendor Advisory
https://github.com/mwrlabs/CVE-2016-7255
Exploit
Third Party Advisory
https://securingtomorrow.mcafee.com/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/
Broken Link
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Third Party Advisory
https://www.exploit-db.com/exploits/40745/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1511:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.89359

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2016-7255

CVSS3: 6.1

msrc

больше 8 лет назад

Win32k Elevation of Privilege Vulnerability

GHSA-6rfx-wjcx-jvgf