← Retour aux CVEs
CVE-2016-0151
HIGHCISA KEV7.8
Description
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie4/12/2016
Derniere modification4/21/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
ProduitClient-Server Run-time Subsystem (CSRSS)
Nom vulnerabiliteMicrosoft Windows CSRSS Security Feature Bypass Vulnerability
Date ajout KEV2022-03-28
Date limite remediation2022-04-18
Utilise dans ransomwareKnown
Produits affectes
microsoft:windows_10_1507microsoft:windows_10_1511microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2012
Faiblesses (CWE)
CWE-269CWE-269
References
http://www.securitytracker.com/id/1035544(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048(secure@microsoft.com)
https://www.exploit-db.com/exploits/39740/(secure@microsoft.com)
http://www.securitytracker.com/id/1035544(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39740/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0151(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.