#vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In a GPU paravirtualization scenario, an attacker who successfully exploited this vulnerability could traverse the guest’s security boundary to gain access to the host environment.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is one byte of kernel memory could be leaked back to the attacker.

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could view Virtual Trust Level 1 (VTL1) data from Virtual Trust 0 (VTL0) which is the least privileged level.

Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Double free in Windows Remote Procedure Call Interface Definition Language (IDL) allows an authorized attacker to elevate privileges locally.

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.