CVE-2016-3236

HIGH

Description

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."

References

http://www.securitytracker.com/id/1036104

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077

Details

Source: MITRE

Published: 2016-06-16

Updated: 2018-10-12

Type: CWE-19

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
91605MS16-077: Security Update for WPAD (3165191)NessusWindows : Microsoft Bulletins
critical