CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 21.6%
Vulnerability information
The vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client. If the WebDAV client fails to validate input properly, an elevation of privilege vulnerability results. An attacker who successfully exploits this vulnerability can use the elevated privileges to execute arbitrary code.
To exploit this vulnerability, an attacker must first log on to the system. The attacker can then run a specially crafted application that exploits the vulnerability to take control of the affected system.
Workstations and servers are most at risk from this attack. The security update addresses the vulnerability by correcting how WebDAV validates input.
Vulnerability scope
Windows Vista SP2 x86 & x64 (elevation of privilege)
Windows Server 2008 SP2 x86 & x64 (elevation of privilege)
Windows Server 2008 R2 SP1 x64 (elevation of privilege)
Windows 7 SP1 x86 & x64 (elevation of privilege)
Windows 8.1 x86 & x64 (denial of service)
Windows Server 2012 (denial of service)
Windows Server 2012 R2 (denial of service)
Windows RT 8.1 (denial of service)
Windows 10 (denial of service)
POC & EXP
The author of the vulnerability released a blue-screen PoC as well as a privilege-escalation EXP for 32-bit Windows 7 systems.
Address:
<https://github.com/koczkatamas/CVE-2016-0051>
Windows 7 SP1 x86 local privilege escalation demo:
![](/Article/UploadPic/2016-2/201621718202573.gif)
Windows 10 x64 blue screen demonstration:
![](/Article/UploadPic/2016-2/201621718204258.gif)
Repair recommendations
Use Windows Update to download and install the update automatically, or go to the Microsoft Security Center to obtain the stand-alone update package.