Lucene search

[email protected]CVE-2016-3299

HistoryAug 09, 2016 - 9:59 p.m.

CVE-2016-3299

2016-08-0921:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2016-3299

netbios

spoofing

vulnerability

microsoft

windows

network traffic

epm

application container

protection

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka “NetBIOS Spoofing Vulnerability.”

CPENameOperatorVersion
microsoft:windows_rt_8.1microsoft windows rt 8.1eq*
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_7microsoft windows 7eq*
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_10microsoft windows 10eq1607
microsoft:windows_8.1microsoft windows 8.1eq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_vistamicrosoft windows vistaeq*
microsoft:windows_server_2012microsoft windows server 2012eq-

CPE	Name	Operator	Version
microsoft:windows_rt_8.1	microsoft windows rt 8.1	eq	*
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_7	microsoft windows 7	eq	*
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_10	microsoft windows 10	eq	1607
microsoft:windows_8.1	microsoft windows 8.1	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_vista	microsoft windows vista	eq	*
microsoft:windows_server_2012	microsoft windows server 2012	eq	-

Rows per page:

1-10 of 111

References

www.securityfocus.com/bid/92387

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2016-3299

prion1 mscve1 symantec1 nessus1 mskb3 openvas1 kaspersky2