CVE-2016-0016
Published 2016-01-13
CVE-2016-0016: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and…
Priority P2 · 60 · high · 7.8 (CVSS 3.0)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available (see References)
EPSS: 31.09% (98.0th percentile)
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_vista_service_pack_2 | — | — |
| msrc | windows_vista_x64_edition_service_pack_2 | — | — |
Detection & IOCs (extracted from sources)
- Monitor for LoadLibraryW calls originating from WMALFXGFXDSP!DllGetClassObject that load 'mfplat' from the current working directory (CWD) of Microsoft Word; this indicates DLL planting via a malicious OLE/RTF document.
- Alert on ole32!OleLoad being invoked for CLSIDs {62dc1a93-ae24-464c-a43e-452f824c4250}, {637c490d-eee3-4c0a-973f-371958802da2}, {874131cb-4ecc-443b-8948-746b89595d20}, or {96749377-3391-11D2-9EE3-00C04F797396}, all of which have InProcServer32 pointing to WMALFXGFXDSP.dll.
- Detect mfplat.dll being loaded from the same directory as a Word document (the CWD) rather than from System32; this indicates a successful DLL planting attack via this vulnerability.
- The exploit requires the malicious DLL (mfplat.dll) to be placed in the same directory as the crafted document; the attack vector is local or network-share delivery of the document and the planted DLL together.
- The RTF-based trigger requires no user interaction beyond opening the document (no click needed), making it more dangerous than the OLE packager variant, which requires a single click on the embedded icon.
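The first and third IOCs above can be checked with endpoint image-load telemetry. The following is an added example, not code from the page, from Microsoft or from any detection vendor: it correlates Sysmon-style process-creation (Event ID 1) and image-load (Event ID 7) records and flags an mfplat.dll that resolves from the opening process's working directory (or anywhere outside System32/SysWOW64) rather than from the system directory. Two caveats: Sysmon image-load events carry no call stack, so the "originating from WMALFXGFXDSP!DllGetClassObject" condition is approximated by having seen WMALFXGFXDSP.dll mapped into the same process earlier; and the OleLoad/CLSID IOC needs API-level hooking that this telemetry does not provide. The `key=value|key=value` log rendering, the sample events, the process IDs and paths, and the `DOC_EXTS` list are all constructed for the example.

```python
"""Added example: flag CVE-2016-0016-style DLL planting from Sysmon-like
process-creation (ID 1) and image-load (ID 7) records. The 'key=value|key=value'
line format below is a constructed rendering, not Sysmon's XML; adapt parse_event()."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Directories from which mfplat.dll legitimately loads; anything else is suspect.
SYSTEM_DIRS = frozenset({r"c:\windows\system32", r"c:\windows\syswow64"})
# DLL the page names as the planted payload (assumption: extend per environment).
PLANTED_DLLS = frozenset({"mfplat.dll"})
# COM in-proc server that performs the vulnerable load, per the page's IOCs.
TRIGGER_SERVER = "wmalfxgfxdsp.dll"
DOC_EXTS = (".rtf", ".doc", ".docx")  # assumption: document types to correlate on


@dataclass
class Finding:
    pid: str
    process: str
    loaded: str
    severity: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'key=value|key=value' record into a dict (first '=' wins)."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def norm_dir(path: str) -> str:
    """Lower-cased parent directory without a trailing separator; handles UNC paths."""
    return ntpath.dirname(path).lower().rstrip("\\")


def document_dir(ev: Dict[str, str]) -> Optional[str]:
    """Working directory of a new process: Sysmon's CurrentDirectory if present,
    otherwise the directory of the first document argument on the command line."""
    cwd = ev.get("CurrentDirectory")
    if cwd:
        return cwd.lower().rstrip("\\")
    for m in re.finditer(r'"([^"]*)"|(\S+)', ev.get("CommandLine", "")):
        arg = m.group(1) if m.group(1) is not None else m.group(2)
        if arg.lower().endswith(DOC_EXTS):
            return norm_dir(arg)
    return None


def detect(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per planted-DLL load outside the system directories."""
    work_dirs: Dict[str, str] = {}   # pid -> working/document directory
    saw_trigger: Set[str] = set()    # pids that already mapped WMALFXGFXDSP.dll
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        pid = ev.get("ProcessId", "")
        if ev.get("EventID") == "1":
            d = document_dir(ev)
            if d:
                work_dirs[pid] = d
            continue
        if ev.get("EventID") != "7":
            continue
        loaded = ev.get("ImageLoaded", "")
        name = ntpath.basename(loaded).lower()
        if name == TRIGGER_SERVER:
            saw_trigger.add(pid)      # the vulnerable loader is now in the process
            continue
        if name not in PLANTED_DLLS or norm_dir(loaded) in SYSTEM_DIRS:
            continue
        proc = ntpath.basename(ev.get("Image", "")).lower()
        if norm_dir(loaded) == work_dirs.get(pid):
            severity, reason = "high", "planted DLL resolved from the process's working directory"
        else:
            severity, reason = "medium", "DLL loaded from outside the system directories"
        if pid in saw_trigger:
            reason += " after WMALFXGFXDSP.dll was mapped"
        findings.append(Finding(pid, proc, loaded, severity, reason))
    return findings


# Constructed sample telemetry (not real logs): Word opens an RTF from a share,
# maps the OLE server from System32, then pulls mfplat.dll from the share.
SAMPLE_EVENTS = [
    r"EventID=1|ProcessId=4120|Image=C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
    r'|CommandLine="C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" /n "\\fileserver\share\invoice.rtf"'
    r"|CurrentDirectory=\\fileserver\share",
    r"EventID=7|ProcessId=4120|Image=C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
    r"|ImageLoaded=C:\Windows\System32\WMALFXGFXDSP.dll|Signed=true",
    r"EventID=7|ProcessId=4120|Image=C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
    r"|ImageLoaded=\\fileserver\share\mfplat.dll|Signed=false",
    # Benign: Media Player loading the real mfplat.dll from System32.
    r"EventID=7|ProcessId=5008|Image=C:\Program Files\Windows Media Player\wmplayer.exe"
    r"|ImageLoaded=C:\Windows\System32\mfplat.dll|Signed=true",
    # Suspicious but uncorrelated: another process loading mfplat.dll from Downloads.
    r"EventID=7|ProcessId=6100|Image=C:\Users\alice\AppData\Local\Temp\setup.exe"
    r"|ImageLoaded=C:\Users\alice\Downloads\mfplat.dll|Signed=false",
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid} {f.process} loaded {f.loaded}: {f.reason}")
```

On the sample, the Word process produces a high-severity finding (working-directory load, preceded by the WMALFXGFXDSP.dll map) and the Downloads load a medium one; the System32 load by wmplayer.exe is ignored. Paths are compared with `ntpath` so the check behaves the same for drive-letter and UNC paths regardless of the host running the script.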
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.8 | HIGH | — |
VMware
vRealize Operations (vROps) updates address privilege escalation vulnerability
vendor_vmware · 2016-10-11 · CVSS 10.0
CVE-2016-7457 [CRITICAL] VMSA-2016-0016: vRealize Operations (vROps) updates address privilege escalation vulnerability
Note: this advisory is VMSA-2016-0016 and addresses CVE-2016-7457; it does not concern CVE-2016-0016.
vROps privilege escalation issue. vROps contains a privilege escalation vulnerability. Exploitation of this issue may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed by vCenter. VMware would like to thank Edgar Carvalho for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-7457 to this issue. Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Severity Replace with/
Microsoft
CVE-2016-0016: Windows Library Loading
vendor_msrc · 2016-01-12 · CVSS 7.8
CVE-2016-0016 [HIGH] Windows Library Loading
Exploit Status: Publicly Disclosed: No; Exploited: No
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3110329
GHSA
GHSA-f5xr-q66q-m7v8
ghsa_unreviewed · 2022-05-14
CVE-2016-0016 [HIGH] CWE-426 GHSA-f5xr-q66q-m7v8
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Suricata
ET EXPLOIT_KIT SunDown EK CVE-2015-0016 Sep 22 2016 (b643)
suricata · 2016-09-22 · CVSS 7.8
CVE-2015-0016 [HIGH] ET EXPLOIT_KIT SunDown EK CVE-2015-0016 Sep 22 2016 (b643)
Note: this signature is tagged CVE-2015-0016 (SunDown exploit kit), not CVE-2016-0016.
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT_KIT SunDown EK CVE-2015-0016 Sep 22 2016 (b643)"; flow:established,to_client; flowbits:set,SunDown.EK; file.data; content:"9xb4GwTUbwUQoyD09AFIox7g9y6"; classtype:exploit-kit; sid:2023279; rev:5; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Web_Browsers, attack_target Client_Endpoint, created_at 2016_09_22, cve CVE_2015_0016, malware_family SunDown, confidence High, signature_severity Major, tag Exploit_Kit_Sundown, tag CISA_KEV, updated_at 2024_03_14;)
Talos
Microsoft Patch Tuesday - January 2016
blogs_talos · 2016-01-12 · CVSS 7.5
[HIGH] Microsoft Patch Tuesday - January 2016
The first Patch Tuesday of 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month's release is relatively light with nine bulletins addressing 25 vulnerabilities. Six bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, JScript/VBScript, Office, Silverlight, and Windows. The remaining three bulletins are rated important and address vulnerabilities in Exchange and several parts of Windows.
### Bulletins Rated Critical
Microsoft bulletins MS16-001 through MS16-006 are rated as critical in this month's release.
MS16-001 and MS16-002 are this month's Internet Explorer and Edge security bulletins respectively. In total, four vulnerabilities were addre
Zscaler
Zscaler found Multiple Security Vulnerabilities | 01-12-2016
blogs_zscaler · CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 01-12-2016
References
- http://www.securitytracker.com/id/1034661
- https://code.google.com/p/google-security-research/issues/detail?id=555
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007
- https://www.exploit-db.com/exploits/39233/