Home

CVE-2016-3376

Description

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka Win32k Elevation of Privilege Vulnerability. a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
22.372

Associated Vulnerability

VulnerabilityOS Platform
Internet Explorer Spoofing Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4038788) - CumulativeWindows
Internet Explorer Spoofing Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4038788) - DeltaWindows
Internet Explorer Spoofing Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4038788) - CumulativeWindows
Internet Explorer Spoofing Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4038788) - DeltaWindows
GDI+ Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3192392)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 R2 (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows 8.1 (KB3185331)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2012 (KB3192393)Windows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB3192441) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1511 (KB3192441) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB3194798) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 Version 1607 (KB3194798) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows 10 for x64-based Systems (KB3192440) - CumulativeWindows
GDI+ Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3192391)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB3192391)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 (KB3192391)Windows
GDI+ Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB3185330)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB3185330)Windows
GDI+ Information Disclosure Vulnerability for Windows 7 (KB3185330)Windows
GDI+ Remote Code Execution Vulnerability for Windows Server 2008 x64 Edition (KB3191203)Windows
GDI+ Remote Code Execution Vulnerability for Windows Server 2008 (KB3191203)Windows
GDI+ Remote Code Execution Vulnerability for Windows Vista for x64-based Systems (KB3191203)Windows
GDI+ Remote Code Execution Vulnerability for Windows Vista (KB3191203)Windows
Win32k Elevation of Privilege Vulnerability for Windows Server 2008 x64 Edition (KB3183431)Windows
Win32k Elevation of Privilege Vulnerability for Windows Server 2008 (KB3183431)Windows
Win32k Elevation of Privilege Vulnerability for Windows Vista for x64-based Systems (KB3183431)Windows
Win32k Elevation of Privilege Vulnerability for Windows Vista (KB3183431)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-21582October, 2016 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB3192392)
PATCH-21580October, 2016 Security Only Quality Update for Windows 8.1 (KB3192392)
PATCH-21589October, 2016 Security Only Quality Update for Windows Server 2012 R2 (KB3192392)
PATCH-21649October, 2016 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB3185331)
PATCH-21648October, 2016 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB3185331)
PATCH-21644October, 2016 Security Monthly Quality Rollup for Windows 8.1 (KB3185331)
PATCH-21588October, 2016 Security Only Quality Update for Windows Server 2012 (KB3192393)
PATCH-21535Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3192441)
PATCH-21534Cumulative Update for Windows 10 Version 1511 (KB3192441)
PATCH-21537Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB3194798)
PATCH-21536Cumulative Update for Windows 10 Version 1607 (KB3194798)
PATCH-21533Cumulative Update for Windows 10 for x64-based Systems (KB3192440)
PATCH-21586October, 2016 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB3192391)
PATCH-21585October, 2016 Security Only Quality Update for Windows 7 for x64-based Systems (KB3192391)
PATCH-21579October, 2016 Security Only Quality Update for Windows 7 (KB3192391)
PATCH-21646October, 2016 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB3185330)
PATCH-21645October, 2016 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB3185330)
PATCH-21643October, 2016 Security Monthly Quality Rollup for Windows 7 (KB3185330)
PATCH-21583Security Update for Windows Server 2008 x64 Edition (KB3191203)
PATCH-21577Security Update for Windows Server 2008 (KB3191203)
PATCH-21581Security Update for Windows Vista for x64-based Systems (KB3191203)
PATCH-21575Security Update for Windows Vista (KB3191203)
PATCH-21584Security Update for Windows Server 2008 x64 Edition (KB3183431)
PATCH-21578Security Update for Windows Server 2008 (KB3183431)
PATCH-21574Security Update for Windows Vista for x64-based Systems (KB3183431)
PATCH-21576Security Update for Windows Vista (KB3183431)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234