CVE-2016-3258

EPSS 0.22%
Veröffentlicht 13.07.2016 01:59:19
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 Version-

Microsoft ≫ Windows 10 Version1511

Microsoft ≫ Windows 8.1

Microsoft ≫ Windows Rt 8.1 Version-

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.446

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	1.2	1.9	2.9	AV:L/AC:H/Au:N/C:N/I:P/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/91606

http://www.securitytracker.com/id/1036289

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-092

https://nvd.nist.gov/vuln/detail/CVE-2016-3258

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3258

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3258

EUVD