Vulnerability Details : CVE-2016-3302
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."
Vulnerability category: Execute code, Gain privilege
Products affected by CVE-2016-3302
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3302
- 0.83%: Probability of exploitation activity in the next 30 days
- ~72%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3302
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
6.3 | MEDIUM | CVSS:3.0/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.4 | 5.9 | NIST | |
CWE ids for CVE-2016-3302
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3302
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-112
  Microsoft Security Bulletin MS16-112 - Important | Microsoft Docs (Patch; Vendor Advisory)
- http://www.securitytracker.com/id/1036799
  Windows Lock Screen Lets Physically Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/92853
  Microsoft Windows CVE-2016-3302 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)