Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-7188Microsoft Windows 10 vulnerability

CWE-2647 documents6 sources
Severity
7.8HIGHNVD
EPSS
2.9%
top 13.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
7
Microsoft Windows 10Msrc Windows 10 FOR 32-bit SystemsMsrc Windows 10 FOR X64-based Systems+4 more
Timeline
PublishedOct 14
Latest updateMay 14

Description

The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDmicrosoft/windows_101511, 1607+1

🔴Vulnerability Details

1
GHSA
GHSA-2c5g-wfw7-9g8c: The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)2016-10-17

📋Vendor Advisories

1
Microsoft
Windows Diagnostics Hub Elevation of Privilege Vulnerability2016-10-11

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - October 20162016-10-11
Talos
Microsoft Patch Tuesday - October 20162016-10-11
Zscaler
Zscaler found Multiple Security Vulnerabilities | 11-10-2016