CVE-2016-0190 Information

Description

Volume Manager Driver in Microsoft Windows 8.1 Windows Server 2012 Gold and R2 and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk which allows local users to read arbitrary files on these disks via RemoteFX requests aka \Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability.\

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/90075 http://www.securitytracker.com/id/1035844 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5