CVE-2016-0014

CVE-2016-0014 is a DLL-loading Elevation of Privilege vulnerability affecting multiple Windows versions (Vista through Windows 10 thresholds) where improper DLL loading allows a local attacker to gain complete control via a crafted application. Root cause: mishandling of DLL loading. Affected com...

CVE-2016-0016

CVE-2016-0016 is a Windows DLL loading vulnerability that enables local privilege escalation via a crafted application. Affected products include Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows 10, and Windows Server 2008/2012 families (as listed in the CVE entry). Root cause: mishandlin...

CVE-2016-0016

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL...

CVE-2016-0020

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability."...

CVE-2016-0020

CVE-2016-0020 is a local privilege-elevation flaw in Microsoft Windows where DLL loading mishandling allows a crafted application to gain privileges on affected systems. Public documentation (MS16-007) indicates multiple Windows versions are affected, including Windows Vista SP2, Windows Server 2...

CVE-2016-0018

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."...

CVE-2016-0014

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL...

Microsoft Windows Mapi DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0020)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to gain higher privileges or bypass sandboxing mechanisms. The attacker must entice the victim to run an executable file to...

Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0018)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

Microsoft Windows DLL Loading CVE-2016-0014 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Windows 10 for...

Microsoft Windows DLL Loading Remote Code Execution (MS16-007: CVE-2016-0016)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows improperly validates input before loading libraries. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted file...

Microsoft Windows MAPI DLL Loading CVE-2016-0020 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can leverage this issue to execute arbitrary code with elevated privileges. Failed exploit attempts will result in a denial of service condition. Technologies Affected Microsoft Windows 7 for...

Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows DLL Loading Elevation of Privilege (MS16-007: CVE-2016-0014)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in certain DLL files, which could be abused by attackers to execute arbitrary code with the privileges of the current user. The attacker must entice the victim to run an executable...

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2015-08313)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. The 'DirectWriteFontInfo::LoadFontFamilyData' function in the gfx/thebes/gfxDWriteFontList.cpp file in Mozilla Firefox versions prior to 43.0 has a Buffer overflow vulnerability. A remote...

OPC Systems.NET Local Privilege Vulnerability

OPC Systems.NET is a complete suite of products from the OPC Foundation of America that provides all . A local elevation of privilege vulnerability exists in OPC Systems.NET 8.00.0023 and earlier versions, which stems from the program failing to properly load a Dynamic Link Library DLL file. An...

Apple OS X Kernel Extended Load Verification Bypass Vulnerability

Apple OS X is an operating system developed by Apple Inc. An authentication bypass vulnerability exists in Apple OS X kernel extension loading, which allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...

CVE-2015-7052

kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors...

Design/Logic Flaw

MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app...