Privilege Escalation Vulnerability in Microsoft Windows Products
CVE-2016-0006

7.3HIGH

Key Information:

Vendor

Microsoft
Status
Windows Server 2008
Windows Server 2012
Windows Rt
Windows 10
Vendor
CVE Published:
13 January 2016

What is CVE-2016-0006?

A security flaw in the sandbox implementation of various Microsoft Windows operating systems allows local users to exploit crafted applications to escalate their privileges. This vulnerability is characterized by improper handling of reparse points. Affected systems include Windows Vista SP2, Windows Server 2008 SP2, and several iterations of Windows 7, 8, and 10. Addressing this issue is crucial for maintaining system integrity and preventing unauthorized access.

References

https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securitytracker.com/id/1034645
vdb-entryx_refsource_SECTRACK
https://www.exploit-db.com/exploits/39311/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.