1. Home
  2. CVE Database
  3. CVE-2016-3232
MEDIUM · 5.0

CVE-2016-3232

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted applic...

Vulnerability Description

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."

CVSS Score

5.0

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MicrosoftWindows Server 2012-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2016-3232?

CVE-2016-3232 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted applic...

How severe is CVE-2016-3232?

CVE-2016-3232 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3232?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2012.