CVE-2016-0151

CVE Database · CVE-2016-0151

CVE-2016-0151

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

63.20%

Published

Apr 12, 2016

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-28 · Due: 2022-04-18

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269CWE-269

Affected Products (6)

microsoft · windows_10_1507vulnerable

microsoft · windows_10_1511vulnerable

microsoft · windows_8.1vulnerable

microsoft · windows_rt_8.1vulnerable

microsoft · windows_server_2012vulnerable

References (7)

http://www.securitytracker.com/id/1035544