Lucene search

[email protected]CVE-2016-3272

HistoryJul 13, 2016 - 1:59 a.m.

CVE-2016-3272

2016-07-1301:59:00

CWE-200

[email protected]

web.nvd.nist.gov

microsoft

windows

kernel

information disclosure

vulnerability

page-fault

system calls

nvd

cve-2016-3272

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

3.1 Low

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

41.9%

JSON

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka “Windows Kernel Information Disclosure Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_rt_8.1microsoft windows rt 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_10microsoft windows 10eq-

CPE	Name	Operator	Version
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_10	microsoft windows 10	eq	-