| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Windows up to Vista and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Kernel API. Executing a manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2016-3371. The attack can only be executed locally. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.
Details
A vulnerability was found in Microsoft Windows up to Vista (Operating System). It has been declared as problematic. This vulnerability affects an unknown code of the component Kernel API. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality.
The weakness was shared 09/13/2016 by Google Security Research with Microsoft as MS16-111 as confirmed bulletin (Technet). The advisory is shared for download at technet.microsoft.com. This vulnerability was named CVE-2016-3371 since 03/15/2016. The exploitation appears to be easy. The attack needs to be approached locally. A single authentication is needed for exploitation. Technical details are unknown but a public exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.
A public exploit has been developed by James Forshaw (tiraniddo) in C# and been published before and not just after the advisory. It is possible to download the exploit at bugs.chromium.org. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 76 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 93470 (MS16-111: Security Update for Windows Kernel (3186973)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 91276 (Microsoft Windows Kernel Elevation of Privilege Vulnerabilities (MS16-111)).
Applying the patch MS16-111 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (40429), Tenable (93470) and SecurityFocus (BID 92814†). The entries VDB-91562, VDB-91563, VDB-91565 and VDB-91566 are related to this item. Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.4VulDB Meta Temp Score: 4.2
VulDB Base Score: 3.3
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: James Forshaw (tiraniddo)
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 93470
Nessus Name: MS16-111: Security Update for Windows Kernel (3186973)
Nessus File: 🔍
Nessus Family: 🔍
OpenVAS ID: 802074
OpenVAS Name: Microsoft Windows Kernel Multiple Vulnerabilities (3186973)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS16-111
Timeline
03/15/2016 🔍06/29/2016 🔍
09/13/2016 🔍
09/13/2016 🔍
09/13/2016 🔍
09/14/2016 🔍
09/14/2016 🔍
09/26/2016 🔍
05/10/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS16-111
Researcher: Google Security Research
Organization: Microsoft
Status: Confirmed
CVE: CVE-2016-3371 (🔍)
GCVE (CVE): GCVE-0-2016-3371
GCVE (VulDB): GCVE-100-91564
SecurityFocus: 92814 - Microsoft Windows Kernel CVE-2016-3371 Local Privilege Escalation Vulnerability
SecurityTracker: 1036802
scip Labs: https://www.scip.ch/en/?labs.20161215
See also: 🔍
Entry
Created: 09/14/2016 17:28Updated: 05/10/2025 20:34
Changes: 09/14/2016 17:28 (65), 11/22/2016 10:06 (1), 11/22/2016 10:07 (6), 11/22/2016 10:08 (2), 04/07/2017 13:28 (15), 09/16/2022 12:36 (7), 05/10/2025 20:34 (14)
Complete: 🔍
Committer: misc
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.