CVE-2016-7225

Published: Nov 10, 2016Modified: May 6, 2026

6.1

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Exploitability: 1.8 / Impact: 4.2

Source: NVD

Description

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."

Affected (4)

Products: Microsoft: Windows 10, Windows Server 2016

2 products

Windows Server 2016

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	All versions
Microsoft Windows 10	Version 1511
Microsoft Windows 10	Version 1607
Microsoft Windows Server 2016	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (8)

http://www.securityfocus.com/bid/94016

Source: secure@microsoft.com

http://www.securitytracker.com/id/1037248

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138

Source: secure@microsoft.com

https://www.exploit-db.com/exploits/40764/

Source: secure@microsoft.com

http://www.securityfocus.com/bid/94016

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037248

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-138

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/40764/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.