CVE-2016-0016

HIGH

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

References

http://www.securitytracker.com/id/1034661

https://code.google.com/p/google-security-research/issues/detail?id=555

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007

https://www.exploit-db.com/exploits/39233/

Details

Source: MITRE

Published: 2016-01-13

Updated: 2019-05-15

Type: CWE-426

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH