| Vulnerability Name: | CVE-2016-0006 (CCN-109286) | ||||||||||||
| Assigned: | 2015-12-04 | ||||||||||||
| Published: | 2016-01-12 | ||||||||||||
| Updated: | 2019-05-17 | ||||||||||||
| Summary: | The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. | ||||||||||||
| CVSS v3 Severity: | 7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) 6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-0006 Source: CCN Type: Microsoft Security Bulletin MS16-008 Security Update for Kernel to Address Elevation of Privilege (3124605) Source: CCN Type: Microsoft Security Bulletin MS16-014 Security update for Microsoft Windows to Address Remote Code Execution (3134228) Source: CCN Type: Microsoft Security Bulletin MS16-031 Security Update for Microsoft Windows to Address Elevation of Privilege (3140410) Source: CCN Type: Microsoft Security Bulletin MS16-044 Security Update for Windows OLE (3146706) Source: CCN Type: Microsoft Security Bulletin MS16-048 Security Update for CSRSS (3148528) Source: CCN Type: Microsoft Security Bulletin MS16-060 Security Update for Windows Kernel (3154846) Source: CCN Type: Microsoft Security Bulletin MS16-061 Security Update for Microsoft RPC (3155520) Source: CCN Type: Microsoft Security Bulletin MS16-092 Security Update for Windows Kernel (3171910) Source: CCN Type: Microsoft Security Bulletin MS16-111 Security Update for Windows Kernel (3186973) Source: CCN Type: Microsoft Security Bulletin MS16-120 Security Update for Microsoft Graphics Component (3192884) Source: CCN Type: Microsoft Security Bulletin MS16-122 Security Update for Microsoft Video Control (3195360) Source: CCN Type: Microsoft Security Bulletin MS16-123 Security Update for Kernel-Mode Drivers (3192892) Source: CCN Type: Microsoft Security Bulletin MS16-124 Security Update for Windows Registry (3193227) Source: CCN Type: Microsoft Security Bulletin MS16-126 Security Update for Microsoft Internet Messaging API (3196067) Source: CCN Type: Microsoft Security Bulletin MS16-131 Security Update for Microsoft Video Control (3199151) Source: CCN Type: Microsoft Security Bulletin MS16-139 Security Update for Windows Kernel (3199720) Source: CCN Type: Microsoft Security Bulletin MS16-155 Security Update for .NET Framework (3205640) Source: CCN Type: Microsoft Security Bulletin MS17-006 Cumulative Security Update for Internet Explorer (4013073) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: BID Type: Third Party Advisory, VDB Entry 79882 Source: CCN Type: BID-79882 Microsoft Windows Mount Point CVE-2016-0006 Local Privilege Escalation Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1034645 Source: MS Type: Patch, Vendor Advisory MS16-008 Source: XF Type: UNKNOWN ms-kernel-cve20160006-priv-esc(109286) Source: CCN Type: Packet Storm Security [01-22-2016] Microsoft Windows Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux 1 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-25-2016] Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 39311 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||