Vulnerability Details CVE-2016-0190
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://www.securityfocus.com/bid/90075
- http://www.securitytracker.com/id/1035844
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067
- http://www.securityfocus.com/bid/90075
- http://www.securitytracker.com/id/1035844
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067
Products affected by CVE-2016-0190
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20520
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:6.3.9600.20520
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2