7.8
CVSSv3

CVE-2016-0167

Published: 12/04/2016 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 644
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 1511

microsoft windows 10 -

microsoft windows server 2008

microsoft windows vista

microsoft windows rt 8.1 -

microsoft windows server 2012 r2

microsoft windows server 2012 -

microsoft windows 8.1

microsoft windows 7

microsoft windows server 2008 r2

Github Repositories

POC and exploitation of vulnerabilities

HolicPOC POC and exploitation of vulnerabilities CVE ID Platform Module CVE-2015-2546 Windows win32k CVE-2016-0165 Windows win32k CVE-2016-0167 Windows win32k CVE-2017-0101CVE-2018-0817 Windows win32k CVE-2017-0263 Windows win32k CVE-2018-8120 Windows win32k

Kernel-Security

Kernel Driver mmap Handler Exploitation Windows内核池喷射的乐趣 cve-2016-6187-heap-off-by-one-exploit Exploiting on CVE-2016-6787 Linux内核漏洞CVE-2016-0728的分析与利用 潜伏11年的Linux内核提权漏洞曝光 CVE-2017-5123 Linux kernel v413 (Disable SELinux) Exploiting Windows 10 Kernel Drivers - Stack Overflow Making something out of Zeros: Alternative

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command You can checkout all the tools with the following command: git clone --recursive githubcom/jekil/awesome-hack

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command You can checkout all the tools with the following command: git clone --recursive githubcom/jekil/awesome-hack

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome hacking is an awesome collection of hacking tools.

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Recent Articles

Microsoft Zero Day Exposes 100 Companies to PoS Attack
Threatpost • Tom Spring • 11 May 2016

More than 100 North American companies were attacked by crooks exploiting a Windows zero day vulnerability. The attacks began in early March and involved the zero day vulnerability (CVE-2016-0167) reported and partially fixed in April’s Patch Tuesday security bulletins by Microsoft. The zero day was found by researchers at FireEye, who on Tuesday disclosed details.
FireEye said the flaw is a local elevation of privilege flaw in the win32k Windows Graphics subsystem. Attackers are able ...