Vulnerability Name: CVE-2016-0151 (CCN-111836)
Assigned: 2015-12-04
Published: 2016-04-12
Updated: 2018-10-12
Summary: The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
  7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE Type: CNA CVE-2016-0151
  Source: CCN Type: Microsoft Security Bulletin MS16-048 Security Update for CSRSS (3148528)
  Source: SECTRACK Type: Third Party Advisory 1035544
  Source: MS Type: UNKNOWN MS16-048
  Source: XF Type: UNKNOWN ms-csrss-cve20160151-security-bypass(111836)
  Source: CCN Type: Packet Storm Security [04-27-2016] Microsoft Windows CSRSS Privilege Escalation
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-27-2016]
  Source: EXPLOIT-DB Type: UNKNOWN 39740
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable