ID |
CVE-2016-3227
|
Summary |
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a> |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:gold:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*
-
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*
|
CVSS |
Base: | 10.0 (as of 08-05-2019 - 22:03) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS16-071 | bulletin_url | | date | 2016-06-14T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 3164065 | knowledgebase_url | | severity | Critical | title | Security Update for Microsoft Windows DNS Server |
|
refmap
via4
|
|
Last major update |
08-05-2019 - 22:03 |
Published |
16-06-2016 - 01:59 |
Last modified |
08-05-2019 - 22:03 |