CVE-2016-0040

CVSS 7.8 HIGHEPSS 24.6%● KEV

In short

A flaw in the Windows kernel allows a local user to run a specially crafted program that gives them higher system privileges than they should have. This is dangerous because it lets an attacker take full control of the computer.

Technical detail

A privilege escalation vulnerability in the Windows kernel (Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1) allows a local attacker to execute a malicious application that exploits insufficient validation in kernel mode operations, resulting in elevation to SYSTEM privileges. The attack requires local code execution capability but grants unrestricted kernel-level access.

Summary generated and translated by AI from the official description.

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 4

githubgithub.com/Rootkitsmm-zz/cve-2016-0040★ 45 githubgithub.com/de7ec7ed/CVE-2016-0040★ 14 cve_referencewww.exploit-db.com/exploits/44586/unverified exploitdbwww.exploit-db.com/exploits/44586unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0040 https://www.exploit-db.com/exploits/44586/http://www.securitytracker.com/id/1034985