CVE-2016-0014 — Untrusted Search Path in Microsoft Windows 10

CWE-426 — Untrusted Search Path10 documents7 sources

Severity

7.8HIGHNVD

EPSS

2.5%

top 14.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2008 Microsoft Windows Server 2012 +13 more

Timeline

PublishedJan 13

Latest updateMay 14

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

▶msrcmsrc/windows_server_2016

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w2gq-jj32-qq6q: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8↗2022-05-14

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, Fusion, and Tools updates address multiple security issues↗2016-09-13

▶

Microsoft

CVE-2016-0014: Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No Reference: https://catalog↗2016-01-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶

Talos

Microsoft Patch Tuesday - January 2016↗2016-01-12

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 01-12-2016↗

▶

💬Community

Bugzilla

CVE-2016-8602 ghostscript: check for sufficient params in .sethalftone5↗2016-10-12

▶

Bugzilla

CVE-2013-5653 ghostscript: getenv and filenameforall ignore -dSAFER↗2016-09-29

▶

Bugzilla

CVE-2016-7977 ghostscript: .libfile does not honor -dSAFER↗2016-09-29

▶