Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0041 — Microsoft Internet Explorer vulnerability

7 documents6 sources

Severity

7.8HIGHNVD

EPSS

58.3%

top 1.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer Microsoft Windows 10 Microsoft Windows Server 2008 +1 more

Timeline

PublishedFeb 10

Latest updateMay 14

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511

▶NVDmicrosoft/internet_explorer10, 11+1

🔴Vulnerability Details

GHSA

GHSA-7q4m-gr62-6xww: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2022-05-14

▶

CVEList

CVE-2016-0041: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8↗2016-02-10

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)↗2015-12-08

▶

Metasploit

Office OLE Multiple DLL Side Loading Vulnerabilities↗

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2016↗2016-02-09

▶

Talos

Microsoft Patch Tuesday - February 2016↗2016-02-09

▶