CVE-2016-0135 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 10

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

8.4HIGHNVD

EPSS

0.5%

top 33.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems Msrc Windows 10 FOR X64-based Systems +2 more

Timeline

PublishedApr 12

Latest updateMay 14

Description

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/windows_101511

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1511_for_x64-based_systems

▶msrcmsrc/windows_10_for_32-bit_systems

▶msrcmsrc/windows_10_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-m53f-cgg8-5rff: The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logo↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Secondary Logon Elevation of Privilege Vulnerability↗2016-04-12

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter March 2026↗

▶

💬Community

Bugzilla

CVE-2016-2367 pidgin: MXIT Avatar Length Memory Disclosure Vulnerability↗2016-06-22

▶