Elevation of Privilege Vulnerability in Microsoft Windows CLFS Driver
CVE-2016-3338

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Windows Rt 8.1
Windows Server 2012
Windows 7
Windows 10
Vendor
CVE Published:
10 November 2016

What is CVE-2016-3338?

The Windows Common Log File System (CLFS) driver in various Microsoft Windows operating systems contains a vulnerability that allows local users to gain elevated privileges through a specially crafted application. This flaw potentially compromises the integrity and confidentiality of the affected systems, posing a significant risk to users and organizations relying on these outdated Windows versions.

References

http://www.securitytracker.com/id/1037252
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://www.securityfocus.com/bid/94014
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.