Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)

An elevation of privilege vulnerability exists in Windows Input Method Editor IME. The vulnerability is due to the way Input Method Editor improperly handles DLL loading. A locally authenticated attacker can exploit this vulnerability by running a specially crafted application...

CVE-2016-7221

Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

CVE-2016-7221

Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

CVE-2016-7221

Input Method Editor IME in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via...

CVE-2016-7221

CVE-2016-7221 is a Windows IME DLL-loading privilege-escalation issue. The IME loads DLLs via a registry-controlled mechanism and can be exploited by a locally authenticated user to gain higher privileges when an application initiates the IME. Public writeups (e.g., JVN/JVND) describe the exploit...

Microsoft Windows Input Method Editor CVE-2016-7221 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated system privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems...