Vulnerability Name:

CCN-116306

Published:2014-12-09
Updated:2014-12-09
Summary:Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by improper handling of process limits. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass process restrictions.
CVSS v3 Severity:2.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
2.3 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:1.0 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: Google Security Research Issue 213
Windows: Console Driver Job Object Process Limit Bypass

Source: XF
Type: UNKNOWN
ms-windows-condrv-security-bypass(116306)

Source: CCN
Type: Packet Storm Security [04-07-2016]
Microsoft Windows 8.1 Console Driver Job Object Process Limit Bypass

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows 8.1 - -
    microsoft windows 8.1 *