CVE-2016-0190

Published: May 11, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."

Affected (4)

Products: Microsoft: Windows 8.1, Windows Rt 8.1, Windows Server 2012

3 products

Windows Server 2012

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 2012	All versions
Microsoft Windows Server 2012	Version r2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/90075

Source: secure@microsoft.com

http://www.securitytracker.com/id/1035844

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067

Source: secure@microsoft.com

http://www.securityfocus.com/bid/90075

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035844

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.