CVE-2016-3227

EUVD-2016-4265
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2012
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows Server 2012
Server Core
KB3161951
Standard
KB3161951
Windows Server 2012 R2
Server Core
KB3161951
Standard
KB3161951
References
http://www.securitytracker.com/id/1036095
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-071
http://www.securitytracker.com/id/1036095
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-071