CVE-2016-7184

EUVD-2016-8052

10.11.2016, 06:59

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_7	*
microsoft	windows_8.1	*
microsoft	windows_rt_8.1	*
microsoft	windows_server_2008	*
microsoft	windows_server_2012	-
microsoft	windows_server_2016	-
microsoft	windows_vista	*

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB3198585
1511 (x64, x86)	KB3198586
1607 (x64, x86)	KB3200970

Windows 7

Service Pack 1 (x64, x86)

KB3197868

Windows 8.1

(x64, x86)

KB3197874

Windows RT 8.1

All

KB3197874

Windows Server 2008

Service Pack 2 (x64, x86)	KB3181707
Service Pack 2 Server Core (x64, x86)	KB3181707

Windows Server 2008 R2

Service Pack 1 (x64)	KB3197868
Service Pack 1 Server Core (x64)	KB3197868

Windows Server 2012

Server Core	KB3197877
Standard	KB3197877

Windows Server 2012 R2

Server Core	KB3197874
Standard	KB3197874

Windows Server 2016

Server Core	KB3200970
Standard	KB3200970

Windows Vista

Service Pack 2	KB3181707
x64 Edition	KB3181707

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/94015

http://www.securitytracker.com/id/1037252

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134

http://www.securityfocus.com/bid/94015

http://www.securitytracker.com/id/1037252

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134