Vulnerability identifier: #VU130
Vulnerability risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to unknown error when handling objects in memory. A local user can read sensitive information on the target system.
Successful exploitation of this vulnerability may allow a local attacker to obtain potentially sensitive information.
Mitigation
To resolve this vulnerability vendor recommends installing the following updates:
Windows 10
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Vulnerable software versions
Windows:
External links
http://technet.microsoft.com/en-us/library/security/MS16-089
http://technet.microsoft.com/en-us/library/security/ms16-089.aspx
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.