CVE-2016-3306

EUVD-2016-4338
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_vista
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB3185611
1511 (x64, x86)
KB3185614
1607 (x64, x86)
KB3189866
Windows 7
Service Pack 1 (x64, x86)
KB3175024
Windows 8.1
(x64, x86)
KB3175024
Windows RT 8.1
All
KB3175024
Windows Server 2008
Service Pack 2 (x64, x86)
KB3175024
Service Pack 2 Server Core (x64, x86)
KB3175024
Windows Server 2008 R2
Service Pack 1 (x64)
KB3175024
Service Pack 1 Server Core (x64)
KB3175024
Windows Server 2012
Server Core
KB3175024
Standard
KB3175024
Windows Server 2012 R2
Server Core
KB3175024
Standard
KB3175024
Windows Vista
Service Pack 2
KB3175024
x64 Edition
KB3175024
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/92813
http://www.securitytracker.com/id/1036802
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111
http://www.securityfocus.com/bid/92813
http://www.securitytracker.com/id/1036802
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111