Vulnerability Description
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92815
- http://www.securitytracker.com/id/1036802
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11
- http://www.securityfocus.com/bid/92815
- http://www.securitytracker.com/id/1036802
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-11
FAQ
What is CVE-2016-3372?
CVE-2016-3372 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or caus...
How severe is CVE-2016-3372?
CVE-2016-3372 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3372?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2008, Microsoft Windows Vista.