Lucene search

[email protected]CVE-2016-0036

HistoryFeb 10, 2016 - 11:59 a.m.

CVE-2016-0036

2016-02-1011:59:02

CWE-264

[email protected]

web.nvd.nist.gov

windows

rdp

remote desktop protocol

vulnerability

cve-2016-0036

elevation of privilege

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.8%

JSON

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka “Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_10Match-

microsoftwindows_7Match-sp1

microsoftwindows_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

CPENameOperatorVersion
microsoft:windows_10microsoft windows 10eq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_10	microsoft windows 10	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2