CVE-2016-0190

medium

Description

Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-067

http://www.securitytracker.com/id/1035844

http://www.securityfocus.com/bid/90075

Details

Source: Mitre, NVD

Published: 2016-05-11

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium