CVE-2016-7223

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Published: Nov 10, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-7223
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
microsoft / windows_rt_8.1	-	-
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_10	1511	1511.x
microsoft / windows_10	1607	1607.x
microsoft / windows_8.1	-	-

http://www.securityfocus.com/bid/94003
http://www.securitytracker.com/id/1037248
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138

Vulnerability Database

289,599

CVE-2016-7223