Lucene search

[email protected]CVE-2016-0018

HistoryJan 13, 2016 - 5:59 a.m.

CVE-2016-0018

2016-01-1305:59:00

CWE-426

[email protected]

web.nvd.nist.gov

microsoft

windows 7

windows 8

windows 8.1

windows server 2012

vulnerability

dll

code execution.

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.369 Low

EPSS

Percentile

97.2%

JSON

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka “DLL Loading Remote Code Execution Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_10microsoft windows 10eq-

CPE	Name	Operator	Version
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_10	microsoft windows 10	eq	-