cvelistv5 - cve-2016-3341

CVE-2016-3341 (GCVE-0-2016-3341)

Vulnerability from cvelistv5 – Published: 2016-10-14 01:00 – Updated: 2024-08-05 23:56

Summary

The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Windows Transaction Manager Elevation of Privilege Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1036996	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/93391	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:13.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036996",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036996"
          },
          {
            "name": "MS16-123",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
          },
          {
            "name": "93391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93391"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1036996",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036996"
        },
        {
          "name": "MS16-123",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
        },
        {
          "name": "93391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93391"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036996",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036996"
            },
            {
              "name": "MS16-123",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
            },
            {
              "name": "93391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93391"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-3341",
    "datePublished": "2016-10-14T01:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:56:13.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"232581CC-130A-4C62-A7E9-2EC9A9364D53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"197E82CB-81AF-40F1-A55C-7B596891A783\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \\\"Windows Transaction Manager Elevation of Privilege Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Los drivers kernel-mode en Transaction Manager en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a trav\\u00e9s de una aplicaci\\u00f3n manipulada, una vulnerabilidad tambi\\u00e9n conocida como \\\"Windows Transaction Manager Elevation of Privilege Vulnerability\\\".\"}]",
      "id": "CVE-2016-3341",
      "lastModified": "2024-11-21T02:49:49.783",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-10-14T02:59:16.270",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/93391\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036996\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/93391\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036996\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-3341\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2016-10-14T02:59:16.270\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \\\"Windows Transaction Manager Elevation of Privilege Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Los drivers kernel-mode en Transaction Manager en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, una vulnerabilidad tambi\u00e9n conocida como \\\"Windows Transaction Manager Elevation of Privilege Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197E82CB-81AF-40F1-A55C-7B596891A783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93391\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1036996\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/93391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2016-3341

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-3341

Aliases

CVE-2016-3341

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-3341",
    "description": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\"",
    "id": "GSD-2016-3341"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-3341"
      ],
      "details": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\"",
      "id": "GSD-2016-3341",
      "modified": "2023-12-13T01:21:27.630681Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2016-3341",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1036996",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036996"
          },
          {
            "name": "MS16-123",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
          },
          {
            "name": "93391",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93391"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-3341"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93391",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93391"
            },
            {
              "name": "1036996",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036996"
            },
            {
              "name": "MS16-123",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-12T22:12Z",
      "publishedDate": "2016-10-14T02:59Z"
    }
  }
}

CERTFR-2016-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2008 R2
Microsoft	Windows	Windows 10
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2008
Microsoft	Windows	Windows 7
Microsoft	Windows	Windows Vista
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-124 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-123 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-122 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-125 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-120 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-126 du 12 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3396"
    },
    {
      "name": "CVE-2016-0070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0070"
    },
    {
      "name": "CVE-2016-3298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3298"
    },
    {
      "name": "CVE-2016-7182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7182"
    },
    {
      "name": "CVE-2016-7211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7211"
    },
    {
      "name": "CVE-2016-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0142"
    },
    {
      "name": "CVE-2016-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0075"
    },
    {
      "name": "CVE-2016-3270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3270"
    },
    {
      "name": "CVE-2016-0079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0079"
    },
    {
      "name": "CVE-2016-3376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3376"
    },
    {
      "name": "CVE-2016-7188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7188"
    },
    {
      "name": "CVE-2016-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3209"
    },
    {
      "name": "CVE-2016-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7191"
    },
    {
      "name": "CVE-2016-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7185"
    },
    {
      "name": "CVE-2016-3263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3263"
    },
    {
      "name": "CVE-2016-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3393"
    },
    {
      "name": "CVE-2016-3266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3266"
    },
    {
      "name": "CVE-2016-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3341"
    },
    {
      "name": "CVE-2016-0073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0073"
    },
    {
      "name": "CVE-2016-3262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3262"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-124 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-123 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-122 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-125 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-120 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-126 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-126"
    }
  ]
}

CERTFR-2016-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2008 R2
Microsoft	Windows	Windows 10
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2008
Microsoft	Windows	Windows 7
Microsoft	Windows	Windows Vista
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS16-124 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-123 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-122 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-125 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-120 du 12 octobre 2016	None	vendor-advisory
Bulletin de sécurité Microsoft MS16-126 du 12 octobre 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-3396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3396"
    },
    {
      "name": "CVE-2016-0070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0070"
    },
    {
      "name": "CVE-2016-3298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3298"
    },
    {
      "name": "CVE-2016-7182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7182"
    },
    {
      "name": "CVE-2016-7211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7211"
    },
    {
      "name": "CVE-2016-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0142"
    },
    {
      "name": "CVE-2016-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0075"
    },
    {
      "name": "CVE-2016-3270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3270"
    },
    {
      "name": "CVE-2016-0079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0079"
    },
    {
      "name": "CVE-2016-3376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3376"
    },
    {
      "name": "CVE-2016-7188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7188"
    },
    {
      "name": "CVE-2016-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3209"
    },
    {
      "name": "CVE-2016-7191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7191"
    },
    {
      "name": "CVE-2016-7185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7185"
    },
    {
      "name": "CVE-2016-3263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3263"
    },
    {
      "name": "CVE-2016-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3393"
    },
    {
      "name": "CVE-2016-3266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3266"
    },
    {
      "name": "CVE-2016-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3341"
    },
    {
      "name": "CVE-2016-0073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0073"
    },
    {
      "name": "CVE-2016-3262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3262"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-340",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-124 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-123 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-122 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-125 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-120 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS16-126 du 12 octobre 2016",
      "url": "https://technet.microsoft.com/fr-fr/library/security/MS16-126"
    }
  ]
}

CNVD-2016-09368

Vulnerability from cnvd - Published: 2016-10-18

Title

Microsoft Transaction Manager权限提升漏洞

Description

Microsoft Windows是流行的计算机操作系统。 Windows Transaction Manager未能正确处理内存对象存在权限提升漏洞。可使攻击者通过构造的应用，控制受影响系统。

Severity

高

Patch Name

Microsoft Transaction Manager权限提升漏洞的补丁

Patch Description

Microsoft Windows是流行的计算机操作系统。 Windows Transaction Manager未能正确处理内存对象存在权限提升漏洞。可使攻击者通过构造的应用，控制受影响系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://technet.microsoft.com/security/bulletin/MS16-123

Reference

http://technet.microsoft.com/security/bulletin/MS16-123

Impacted products

Name
['Microsoft Windows 8.1', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows RT 8.1', 'Microsoft Windows server 2012 Gold', 'Microsoft Windows 10 Gold', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93391"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3341"
    }
  },
  "description": "Microsoft Windows\u662f\u6d41\u884c\u7684\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nWindows Transaction Manager\u672a\u80fd\u6b63\u786e\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u53ef\u4f7f\u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7684\u5e94\u7528\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002",
  "discovererName": "Peter Hlavaty (@zer0mem), KeenLab, Tencent.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttp://technet.microsoft.com/security/bulletin/MS16-123",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09368",
  "openTime": "2016-10-18",
  "patchDescription": "Microsoft Windows\u662f\u6d41\u884c\u7684\u8ba1\u7b97\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nWindows Transaction Manager\u672a\u80fd\u6b63\u786e\u5904\u7406\u5185\u5b58\u5bf9\u8c61\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u53ef\u4f7f\u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7684\u5e94\u7528\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Transaction Manager\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 8.1",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows RT 8.1",
      "Microsoft Windows server 2012 Gold",
      "Microsoft Windows 10 Gold",
      "Microsoft Windows 10  1511",
      "Microsoft Windows 10 1607"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS16-123",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-14",
  "title": "Microsoft Transaction Manager\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

FKIE_CVE-2016-3341

Vulnerability from fkie_nvd - Published: 2016-10-14 02:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	http://www.securityfocus.com/bid/93391
	secure@microsoft.com	http://www.securitytracker.com/id/1036996
	secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93391
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036996
	af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123

Impacted products

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_10	1511
microsoft	windows_10	1607
microsoft	windows_8.1	*
microsoft	windows_rt_8.1	*
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
              "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Los drivers kernel-mode en Transaction Manager en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, una vulnerabilidad tambi\u00e9n conocida como \"Windows Transaction Manager Elevation of Privilege Vulnerability\"."
    }
  ],
  "id": "CVE-2016-3341",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-14T02:59:16.270",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/93391"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id/1036996"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5HXW-V5G5-X67W

Vulnerability from github – Published: 2022-05-14 02:23 – Updated: 2022-05-14 02:23

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-3341"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-14T02:59:00Z",
    "severity": "HIGH"
  },
  "details": "The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka \"Windows Transaction Manager Elevation of Privilege Vulnerability.\"",
  "id": "GHSA-5hxw-v5g5-x67w",
  "modified": "2022-05-14T02:23:33Z",
  "published": "2022-05-14T02:23:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3341"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93391"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036996"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-3341 (GCVE-0-2016-3341)

GSD-2016-3341

CERTFR-2016-AVI-340

Solution

CERTFR-2016-AVI-340

Solution

CNVD-2016-09368

FKIE_CVE-2016-3341

GHSA-5HXW-V5G5-X67W

Tags

Sightings

Nomenclature