CVE-2016-3309

CVSS 7.8 HIGHEPSS 20.6%● KEV

In short

A flaw in Windows kernel graphics drivers allows someone with access to a local user account to run malicious code with administrator privileges, potentially taking complete control of the computer.

Technical detail

Local privilege escalation vulnerability in Win32k kernel-mode driver affecting multiple Windows versions (Vista SP2 through Windows 10 1607). Attack vector requires local authentication and a specially crafted application to exploit improper validation in kernel graphics handling, resulting in SYSTEM-level code execution.

Summary generated and translated by AI from the official description.

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/siberas/CVE-2016-3309_Reloaded★ 53 cve_referencewww.exploit-db.com/exploits/42960/unverified exploitdbwww.exploit-db.com/exploits/42960unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-098 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3309 https://www.exploit-db.com/exploits/42960/http://www.securityfocus.com/bid/92297 http://www.securitytracker.com/id/1036572