#Windows Distributed File System (DFS)

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a user connects a Windows client to a malicious server.

**How could an attacker exploit this vulnerability?** An attacker could exploit a DFS namespace (non-default) out-of-bound write vulnerability that results in heap corruption, which could then be used to perform arbitrary code execution on the server's dfssvc.exe process which runs as SYSTEM user.

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability could be triggered when a windows client connects to a malicious remote share.

**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel.