CVE-2016-0151

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

Published: Apr 13, 2016
Updated: Jul 10, 2024
CVE: CVE-2016-0151
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2012	r2	r2.x

http://www.securitytracker.com/id/1035544
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-048
https://www.exploit-db.com/exploits/39740/

Vulnerability Database

289,598

CVE-2016-0151