Vulnerabilities > CVE-2016-3309 - Unspecified vulnerability in Microsoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.
Vulnerable Configurations
Exploit-Db
| description | Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow. CVE-2016-3309. Local exploit for Win_x86-64 platform |
| file | exploits/windows_x86-64/local/42960.txt |
| id | EDB-ID:42960 |
| last seen | 2017-10-06 |
| modified | 2017-10-06 |
| platform | windows_x86-64 |
| port | |
| published | 2017-10-06 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/42960/ |
| title | Microsoft Windows 10 x64 RS2 - 'win32kfull!bFill' Pool Overflow |
| type | local |
Msbulletin
| bulletin_id | MS16-098 |
| bulletin_url | |
| date | 2016-08-09T00:00:00 |
| impact | Elevation of Privilege |
| knowledgebase_id | 3178466 |
| knowledgebase_url | |
| severity | Important |
| title | Security Update for Windows Kernel-Mode Drivers |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS16-098.NASL |
| description | The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities in the Windows kernel-mode driver due to a failure to properly handle objects in memory. An authenticated, remote attacker can exploit these issues, via a crafted application, to execute arbitrary code in kernel mode. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 92821 |
| published | 2016-08-09 |
| reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/92821 |
| title | MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466) |