CVE-2016-0151

EUVD-2016-0189
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
-
microsoftwindows_10_1511
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3147461
1511 (x64, x86)
KB3147458
Windows 8.1
(x64, x86)
KB3146723
Windows RT 8.1
All
KB3146723
Windows Server 2012
Server Core
KB3146723
Standard
KB3146723
Windows Server 2012 R2
Server Core
KB3146723
Standard
KB3146723
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1035544
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048
https://www.exploit-db.com/exploits/39740/
http://www.securitytracker.com/id/1035544
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048
https://www.exploit-db.com/exploits/39740/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0151