CVE-2016-3305

Description

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka Windows Session Object Elevation of Privilege Vulnerability, a different vulnerability than CVE-2016-3306.

Risk Information

Base Score

7.7

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:R

EPSS Score

Exploitation Probability

0.646

Associated Vulnerability

Vulnerability	OS Platform
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4025342) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4025342) - Delta	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4025342) - Cumulative	Windows
Microsoft Browser Spoofing Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4025342) - Delta	Windows
Windows Information Disclosure Vulnerability for Windows 10 for x64-based Systems (KB3185611) - Cumulative	Windows
Windows Information Disclosure Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3185614) - Cumulative	Windows
Windows Information Disclosure Vulnerability for Windows 10 Version 1511 (KB3185614) - Cumulative	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Server 2008 x64 Edition (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Server 2008 (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Vista for x64-based Systems (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Vista (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows 7 for x64-based Systems (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows 7 (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Server 2008 R2 x64 Edition (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Server 2012 (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows Server 2012 R2 (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows 8.1 for x64-based Systems (KB3175024)	Windows
Windows Session Object Elevation of Privilege Vulnerability for Windows 8.1 (KB3175024)	Windows
Windows Information Disclosure Vulnerability for Windows 10 (KB3185611)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-21344	Cumulative Update for Windows 10 for x64-based Systems (KB3185611)
PATCH-21346	Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3185614)
PATCH-21345	Cumulative Update for Windows 10 Version 1511 (KB3185614)
PATCH-21389	Security Update for Windows Server 2008 x64 Edition (KB3175024)
PATCH-21385	Security Update for Windows Server 2008 (KB3175024)
PATCH-21388	Security Update for Windows Vista for x64-based Systems (KB3175024)
PATCH-21384	Security Update for Windows Vista (KB3175024)
PATCH-21390	Security Update for Windows 7 for x64-based Systems (KB3175024)
PATCH-21386	Security Update for Windows 7 (KB3175024)
PATCH-21391	Security Update for Windows Server 2008 R2 x64 Edition (KB3175024)
PATCH-21392	Security Update for Windows Server 2012 (KB3175024)
PATCH-21394	Security Update for Windows Server 2012 R2 (KB3175024)
PATCH-21393	Security Update for Windows 8.1 for x64-based Systems (KB3175024)
PATCH-21387	Security Update for Windows 8.1 (KB3175024)
PATCH-21343	Cumulative Update for Windows 10 (KB3185611)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234