Microsoft Windows Vista SP2 up to Server 2012 R2 WebDav access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in Microsoft Windows Vista SP2 up to Server 2012 R2. Impacted is an unknown function of the component WebDav. Such manipulation leads to access control. This vulnerability is listed as CVE-2016-0051. The attack must be carried out locally. In addition, an exploit is available. Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in Microsoft Windows Vista SP2 up to Server 2012 R2 (Operating System) and classified as problematic. Affected by this issue is an unknown part of the component WebDav. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. CVE summarizes:
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
The weakness was presented 02/10/2016 by koczkatamas with Microsoft as MS16-016 as confirmed bulletin (Technet). The advisory is shared for download at technet.microsoft.com. This vulnerability is handled as CVE-2016-0051 since 12/04/2015. The attack needs to be approached locally. A simple authentication is necessary for exploitation. Technical details are unknown but a public exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.
A public exploit has been developed by koczkatamas and been published immediately after the advisory. The exploit is available at exploit-db.com. It is declared as highly functional. As 0-day the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 88648 (MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 91164 (Microsoft WebDAV Privilege Escalation Vulnerability (MS16-016)).
Applying the patch MS16-016 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 22878.
The vulnerability is also documented in the databases at Exploit-DB (39432), Tenable (88648), SecurityFocus (BID 82682†) and Vulnerability Center (SBV-56494†). See VDB-80873 and VDB-80887 for similar entries. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
Video
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.4
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Highly functional
Author: koczkatamas
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 88648
Nessus Name: MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 802074
OpenVAS Name: Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (3136041)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: ms16_016_webdav.rb
MetaSploit Name: MS16-016 mrxdav.sys WebDav Local Privilege Escalation
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Patch: MS16-016
TippingPoint: 🔍
Fortigate IPS: 🔍
Timeline
12/04/2015 🔍02/09/2016 🔍
02/09/2016 🔍
02/10/2016 🔍
02/10/2016 🔍
02/10/2016 🔍
02/10/2016 🔍
02/10/2016 🔍
02/11/2016 🔍
11/03/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS16-016
Researcher: koczkatamas
Organization: Microsoft
Status: Confirmed
CVE: CVE-2016-0051 (🔍)
GCVE (CVE): GCVE-0-2016-0051
GCVE (VulDB): GCVE-100-80888
OVAL: 🔍
SecurityFocus: 82682
SecurityTracker: 1034980
Vulnerability Center: 56494 - [MS16-016] Microsoft WebDAV Client Local Privilege Escalation Vulnerability, High
scip Labs: https://www.scip.ch/en/?labs.20161215
See also: 🔍
Entry
Created: 02/11/2016 09:04Updated: 11/03/2024 21:40
Changes: 02/11/2016 09:04 (68), 04/07/2017 16:05 (29), 07/07/2022 15:58 (3), 07/07/2022 16:05 (1), 06/15/2024 09:58 (15), 11/03/2024 21:40 (2)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.