Details of VAR-201611-0235

ID

VAR-201611-0235

CVE

CVE-2016-7225

TITLE

Microsoft Windows 10 and Windows Server 2016 Privilege Escalation Vulnerability in Virtual Hard Disk Driver

Trust: 0.8

sources: JVNDB: JVNDB-2016-005808

DESCRIPTION

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability.". According to Microsoft security bulletins, this vulnerability VHD Driver Elevation of Privilege Vulnerability ”. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through a specially crafted application. Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. A local attacker can exploit this issue to run processes with elevated privileges

Trust: 2.43

sources: NVD: CVE-2016-7225 // JVNDB: JVNDB-2016-005808 // CNVD: CNVD-2016-11026 // BID: 94016

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11026

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows 10	scope:	eq	version:	1511	Trust: 1.6
vendor:	microsoft	model:	windows 10	scope:	eq	version:	1607	Trust: 1.6
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	-	Trust: 1.6
vendor:	microsoft	model:	windows 10	scope:	eq	version:	-	Trust: 1.6
vendor:	microsoft	model:	windows 10	scope:	eq	version:	for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1511 for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1511 for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1607 for 32-bit systems	Trust: 0.8
vendor:	microsoft	model:	windows 10	scope:	eq	version:	version 1607 for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	for x64-based systems	Trust: 0.8
vendor:	microsoft	model:	windows server 2016	scope:	eq	version:	for x64-based systems (server core install )	Trust: 0.8
vendor:	microsoft	model:	windows	scope:	eq	version:	10	Trust: 0.6
vendor:	microsoft	model:	windows	scope:	eq	version:	101511	Trust: 0.6
vendor:	microsoft	model:	windows	scope:	eq	version:	101607	Trust: 0.6
vendor:	microsoft	model:	windows server	scope:	eq	version:	2016	Trust: 0.6
vendor:	microsoft	model:	windows server for x64-based systems	scope:	eq	version:	20160	Trust: 0.3
vendor:	microsoft	model:	windows version for x64-based systems	scope:	eq	version:	1016070	Trust: 0.3
vendor:	microsoft	model:	windows version for 32-bit systems	scope:	eq	version:	1016070	Trust: 0.3
vendor:	microsoft	model:	windows version for x64-based systems	scope:	eq	version:	1015110	Trust: 0.3
vendor:	microsoft	model:	windows version for 32-bit systems	scope:	eq	version:	1015110	Trust: 0.3
vendor:	microsoft	model:	windows for x64-based systems	scope:	eq	version:	100	Trust: 0.3
vendor:	microsoft	model:	windows for 32-bit systems	scope:	eq	version:	100	Trust: 0.3

sources: CNVD: CNVD-2016-11026 // BID: 94016 // JVNDB: JVNDB-2016-005808 // CNNVD: CNNVD-201611-172 // NVD: CVE-2016-7225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7225
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-7225
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-11026
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201611-172
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2016-7225
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11026
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-7225
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	4.2
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-11026 // JVNDB: JVNDB-2016-005808 // CNNVD: CNNVD-201611-172 // NVD: CVE-2016-7225

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-005808 // NVD: CVE-2016-7225

THREAT TYPE

local

Trust: 0.9

sources: BID: 94016 // CNNVD: CNNVD-201611-172

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005808

PATCH

title:	MS16-138	url:	https://technet.microsoft.com/en-us/library/security/ms16-138.aspx	Trust: 0.8
title:	MS16-138	url:	https://technet.microsoft.com/ja-jp/library/security/ms16-138.aspx	Trust: 0.8
title:	Patch for Microsoft VHD Driver Privilege Escalation Vulnerability (CNVD-2016-11026)	url:	https://www.cnvd.org.cn/patchInfo/show/83743	Trust: 0.6
title:	Microsoft Windows VHD Fixes for driver privilege elevation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65544	Trust: 0.6
title:	Microsoft Windows VHD Fixes for driver privilege elevation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65396	Trust: 0.6

sources: CNVD: CNVD-2016-11026 // JVNDB: JVNDB-2016-005808 // CNNVD: CNNVD-201611-172

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7225	Trust: 3.3
db:	BID	id:	94016	Trust: 2.5
db:	EXPLOIT-DB	id:	40764	Trust: 1.0
db:	SECTRACK	id:	1037248	Trust: 1.0
db:	JVNDB	id:	JVNDB-2016-005808	Trust: 0.8
db:	CNVD	id:	CNVD-2016-11026	Trust: 0.6
db:	NSFOCUS	id:	35363	Trust: 0.6
db:	CNNVD	id:	CNNVD-201611-172	Trust: 0.6

sources: CNVD: CNVD-2016-11026 // BID: 94016 // JVNDB: JVNDB-2016-005808 // CNNVD: CNNVD-201611-172 // NVD: CVE-2016-7225

REFERENCES

url:	http://www.securityfocus.com/bid/94016	Trust: 1.6
url:	http://www.securitytracker.com/id/1037248	Trust: 1.0
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138	Trust: 1.0
url:	https://www.exploit-db.com/exploits/40764/	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7225	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20161109-ms.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2016/at160046.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7225	Trust: 0.8
url:	https://technet.microsoft.com/library/security/ms16-138	Trust: 0.6
url:	http://technet.microsoft.com/security/bulletin/ms16-138	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/35363	Trust: 0.6
url:	http://www.microsoft.com/windows/default.mspx	Trust: 0.3
url:	http://technet.microsoft.com/en-us/security/bulletin/ms16-138	Trust: 0.3

sources: CNVD: CNVD-2016-11026 // BID: 94016 // JVNDB: JVNDB-2016-005808 // CNNVD: CNNVD-201611-172 // NVD: CVE-2016-7225

CREDITS

James Forshaw of Google Project Zero

Trust: 0.9

sources: BID: 94016 // CNNVD: CNNVD-201611-172

SOURCES

db:	CNVD	id:	CNVD-2016-11026
db:	BID	id:	94016
db:	JVNDB	id:	JVNDB-2016-005808
db:	CNNVD	id:	CNNVD-201611-172
db:	NVD	id:	CVE-2016-7225

LAST UPDATE DATE

2024-08-14T13:31:57.304000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11026	date:	2016-11-14T00:00:00
db:	BID	id:	94016	date:	2016-11-24T01:08:00
db:	JVNDB	id:	JVNDB-2016-005808	date:	2016-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201611-172	date:	2016-11-11T00:00:00
db:	NVD	id:	CVE-2016-7225	date:	2018-10-12T22:14:16.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-11026	date:	2016-11-14T00:00:00
db:	BID	id:	94016	date:	2016-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-005808	date:	2016-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201611-172	date:	2016-11-11T00:00:00
db:	NVD	id:	CVE-2016-7225	date:	2016-11-10T06:59:38.063