Home

CVE-2016-0073

Description

The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka Windows Kernel Local Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-0075.

Risk Information

Base Score
5.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.024

Associated Vulnerability

VulnerabilityOS Platform
GDI+ Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 (KB3192393)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 (KB3185332)Windows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3192441) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1511 (KB3192441) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB3194798) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1607 (KB3194798) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 for x64-based Systems (KB3192440) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3192391)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB3192391)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 (KB3192391)Windows
GDI+ Remote Code Execution Vulnerability for Windows 10 (KB3192440)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21582October, 2016 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB3192392)
PATCH-21580October, 2016 Security Only Quality Update for Windows 8.1 (KB3192392)
PATCH-21589October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)
PATCH-21649October, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3185331)
PATCH-21648October, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3185331)
PATCH-21644October, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3185331)
PATCH-21588October, 2016 Security Only Quality Update for Windows Server 2012 (KB3192393)
PATCH-21647October, 2016 Security Monthly Quality Rollup for Windows Server 2012 (KB3185332)
PATCH-21535Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3192441)
PATCH-21534Cumulative Update for Windows 10 Version 1511 (KB3192441)
PATCH-21537Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3194798)
PATCH-21536Cumulative Update for Windows 10 Version 1607 (KB3194798)
PATCH-21533Cumulative Update for Windows 10 for x64-based Systems (KB3192440)
PATCH-21586October, 2016 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB3192391)
PATCH-21585October, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3192391)
PATCH-21579October, 2016 Security Only Quality Update for Windows 7 (KB3192391)
PATCH-21532Cumulative Update for Windows 10 (KB3192440)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234