Vulnerability Name: | CVE-2016-3231 (CCN-113681) | ||||||||||||
Assigned: | 2016-06-14 | ||||||||||||
Published: | 2016-06-14 | ||||||||||||
Updated: | 2018-10-12 | ||||||||||||
Summary: | The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability." | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-19 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-3231 Source: CCN Type: Microsoft Security Bulletin MS16-078 Security Update for Windows Diagnostic Hub (3165479) Source: BID Type: UNKNOWN 91116 Source: SECTRACK Type: UNKNOWN 1036105 Source: MISC Type: UNKNOWN http://www.zerodayinitiative.com/advisories/ZDI-16-372 Source: MS Type: UNKNOWN MS16-078 Source: XF Type: UNKNOWN ms-diagnostics-cve20163231-priv-esc(113681) Source: CCN Type: ZDI-16-372 (Pwn2Own) Microsoft Windows Diagnostics Hub Standard Collector Directory Traversal Privilege Escalation Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |