Lucene search

[email protected]CVE-2016-3258

HistoryJul 13, 2016 - 1:59 a.m.

CVE-2016-3258

2016-07-1301:59:00

CWE-264

CWE-362

[email protected]

web.nvd.nist.gov

cve-2016-3258

race condition

microsoft windows

security

bypass

nvd

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

4.5 Medium

AI Score

Confidence

High

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

9.4%

JSON

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka “Windows File System Security Feature Bypass.”

CPENameOperatorVersion
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_8.1microsoft windows 8.1eq*
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_10microsoft windows 10eq-

CPE	Name	Operator	Version
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_8.1	microsoft windows 8.1	eq	*
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_10	microsoft windows 10	eq	-