ByteOS Network

NVD Vulnerability Details :

CVE-2016-3373

Modified

Source-secure@microsoft.com

Published At-14 Sep, 2016 | 10:59

Updated At-06 May, 2026 | 22:30

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 does not properly implement registry access control, which allows local users to obtain sensitive account information via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1511

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1607

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_7>>*

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>*

cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/92845	secure@microsoft.com	N/A
http://www.securitytracker.com/id/1036802	secure@microsoft.com	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111	secure@microsoft.com	N/A
https://www.exploit-db.com/exploits/40430/	secure@microsoft.com	N/A
http://www.securityfocus.com/bid/92845	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1036802	af854a3a-2127-422b-91ae-364da2661108	N/A
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-111	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.exploit-db.com/exploits/40430/	af854a3a-2127-422b-91ae-364da2661108	N/A