CVE-2016-0151

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8.1, 10 Gold, 10 1511, Server 2012 Gold, Server 2012 R2, and RT 8.1

Description The issue is related to the mismanagement of process tokens by the Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows, allowing local users to gain privileges via a crafted application. This is due to insufficient access control, which can be exploited by an attacker to elevate their privileges.

Recommendations For Microsoft Windows versions 8.1, 10 Gold, 10 1511, Server 2012 Gold, Server 2012 R2, and RT 8.1, apply the necessary security updates to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-269

Related Identifiers

BDU:2016-01013

CVE-2016-0151

Affected Products

Windows

Windows 10

Windows 8.1

Windows Rt 8.1

Windows Server 2012

Windows Server 2012 R2

CVE-2016-0151

Weakness Enumeration

Related Identifiers

Affected Products

References · 16