CVE-2016-3302

EUVD-2016-4334
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3185611
1511 (x64, x86)
KB3185614
1607 (x64, x86)
KB3189866
Windows 8.1
(x64, x86)
KB3178539
Windows RT 8.1
All
KB3178539
Windows Server 2012 R2
Server Core
KB3178539
Standard
KB3178539
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92853
http://www.securitytracker.com/id/1036799
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-112
http://www.securityfocus.com/bid/92853
http://www.securitytracker.com/id/1036799
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-112