CVE-2016-3309

Published: 09/08/2016 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 727
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.

Vulnerable Products

microsoft windows rt 8.1
microsoft windows server 2012 r2
microsoft windows 8.1
microsoft windows 7
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows server 2012 -
microsoft windows vista
microsoft windows 10 1607
microsoft windows server 2008 r2
microsoft windows server 2008

Exploits

Sources: siberas.de/blog/2017/10/05/exploitation_case_study_wild_pool_overflow_CVE-2016-3309_reloaded.html and github.com/siberas/CVE-2016-3309_Reloaded. Exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should wo ...

Github Repositories

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow

Exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects (CVE-2016-3309). For more details, please refer to the SensePost blog: www.sensepost.com/blog/2017/exploiting-ms16-098-rgnobj-integer-overflow-on-windows-81-x64-bit-by-abusing-gdi-objects/

Exploits for the win32kfull!bFill vulnerability on Win10 x64 RS2 using Bitmap or Palette techniques

Kernel Exploitation Case Study - "Wild" Pool Overflow on Win10 x64 RS2 (CVE-2016-3309 Reloaded). This Github repo contains exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work fine on Windows 10 x64 with Creators Update, build 15063.540.

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE). CallbackHell: Description, Technical Writeup, PoC, References. Description: CVE-2021-40449 is a use-after-free in Win32k that allows for local privilege escalation. The vulnerability was found in the wild by Kaspersky. The discovered exploit was written to support the following Windows products: Microsoft Windows Vista, Micr

Kernel-Security

Kernel Driver mmap Handler Exploitation; The fun of Windows kernel pool spraying; cve-2016-6187-heap-off-by-one-exploit; Exploiting on CVE-2016-6787; Analysis and exploitation of Linux kernel vulnerability CVE-2016-0728; An 11-year-old Linux kernel privilege escalation vulnerability disclosed; CVE-2017-5123 Linux kernel v4.13 (Disable SELinux); Exploiting Windows 10 Kernel Drivers - Stack Overflow; Making something out of Zeros: Alternative

Reverse Shell-able Windows exploits short POCs.

Reverse Shell-able Exploit POCs. Sharing the list of Windows exploits I encountered during my preparation for OSCP that didn't require GUI access and can be exploited via reverse shell. I wrote a small proof-of-concept writeup for each of them, and the affected versions were collected using this script I wrote in a quick and dirty way by scraping Microsoft and the CVE website. I

awesome-windows-kernel-security-development. powershell: github.com/rootclay/Powershell-Attack-Guide; pe file format: github.com/corkami/pics; asm ide: github.com/ThomasJaeger/VisualMASM, github.com/Dman95/SASM, github.com/mrfearless/UASM-with-RadASM; meltdown/spectre poc: github.com/turbo/KPTI-PoC-Collection, github.com/gkain

APT-GUID

Project introduction: A collection of material in the APT field, covering but not limited to the following areas: APT attack tools, APT analysis reports, APT attack techniques. Tool index: Information gathering; Active intelligence collection: EyeWitness takes screenshots of websites, provides some server information and, where possible, identifies default credentials (github.com/ChrisTruncer/EyeWitness); AWSBucketDump can be used to quickly

The essence of RT: mitre-attack.github.io/ A summary wiki of attack techniques from the MITRE organization; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University

Project overview: The life cycle of a Red Team attack. The whole life cycle includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence established on that basis), and cleaning up and leaving the battlefield after all attacks are finished. Related resource list: mitre-attack.github.io/ The MITRE organization's

Information gathering

RedTeam information gathering. Project overview: The life cycle of a Red Team attack. The whole life cycle includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence established on that basis), and cleaning up and leaving the battlefield after all attacks are finished. Another project dedicated to scanning and cracking. Another red team res

A "URL" transfer helper, recording the good online sites I use day to day.

Resource-list author: Echocipher, mail: echocipher@163.com, blog: echocipher.github.io. The project started when I saw a collection of blog links that someone else had shared; I drew on its contents to form this project. If this infringes any rights, please let me know. I tidied the formatting and added some content I use day to day; duplicates or omissions are hard to avoid. If you have related content to recommend, or oth

RedTeam. Project overview: The life cycle of a Red Team attack. The whole life cycle includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence established on that basis), and cleaning up and leaving the battlefield after all attacks are finished. And a well-known blue team project: github.com/meitar/awesome-c

Overview: Resources organised by stage of the Red Team activity cycle. Related resources: mitre-attack.github.io/ The MITRE organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; www.owasp.org.cn/owasp-project/owasp-things OWASP projects; www.irongeek.com/i.php

2019 red team resource links. The resources were not compiled by me; they come from the Internet. Because they are not widely circulated, I am backing them up and sharing them here.

Red-Team Attack Guid

Project overview: The project collects and summarises the following aspects of Red Team work: Red Team attack mindset, Red Team attack tools, Red Team attack methods. Highlights: mitre-attack.github.io/ The MITRE organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; wwwowas

Some red team tools accumulated day to day plus scripts I wrote myself, leaning towards handy DIY tools rather than the more commonly used ones such as msf/awvs/xray

redtool: Some red team tools accumulated day to day plus scripts I wrote myself, leaning towards handy DIY tools rather than the more commonly used ones such as msf/awvs/xray; slowly accumulating. Notes (file name, description): cve-2017-10271.py vulnerability PoC; cve-2020-0796-scanner.zip vulnerability scanner; HTTP代码爬取.zip crawls usable proxies from an HTTP proxy pool; Layer子域名挖掘机.zip subdomain

Exploit: Advanced Windows exploit development resources. Really important resources: terminus project; React OS Win32k; Geoff Chappell - Kernel-Mode Windows; HEVD Vulnerable driver; FLARE Kernel Shellcode Loader; Vergilius - Undocumented kernel structures; Windows X86-64 System Call Table; Vulnerable Driver Megathread. Windows Rootkits: Talks / video recordings: 11 part playlist - Rootk

Related resource list: mitre-attack.github.io/ The MITRE organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; www.owasp.org.cn/owasp-project/owasp-things OWASP projects; www.irongeek.com/i.php?page=security/hackingillustrated domestic and international security conferences

Table of contents: Related resource list; Offensive and defensive testing handbooks; Internal network security documents; Study guides and related resources; Checklists and basic security knowledge; Product design documents; Practice ranges; Vulnerability reproduction; Open-source vulnerability databases; Toolkit collections; Vulnerability collection and Exp/PoC exploitation; IoT, router and ICS vulnerability collection; Java deserialization vulnerability collection; Version control platform vulnerability collection; MS and Office vulnerability collection; Extensions under Kali

A collection of Windows privilege escalation exploits; the exploit scripts have all been built into executables, with the build environment, demo GIFs and detailed vulnerability information included

Welcome to Kernelhub. Users are asked to comply with the Cybersecurity Law of the People's Republic of China and not to use the project for unauthorised testing; the project developers bear no joint legal liability. Preface: Collection is still in progress; for a few CVEs no usable source code or scripts have been found, and I have not yet documented the project addresses of the various contributors; once summarised they will be noted under each CVE

Project overview: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence established on that basis), and wiping traces. Security-related resource list: arxiv.org Cornell University open documents; github.com/sindresorhus/awesome the awesome series; www.owasp.org.cn/owasp-pr

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection of Proof of Concepts for Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Microsoft Patch Tuesday bug harvest festival comes to town
The Register • Thomas Claburn in San Francisco • 12 Oct 2021

With 71 new CVEs, there are patches enough for everyone

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month.
Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity.
Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security fea...