CVSSv2: 7.2

CVE-2016-7255

Published: 10/11/2016 Updated: 12/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 738
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Vulnerable Products

microsoft windows rt 8.1
microsoft windows 10
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows server 2016
microsoft windows 8.1
microsoft windows 7
microsoft windows vista
microsoft windows server 2012
microsoft windows server 2012 r2
microsoft windows 10 1511
microsoft windows 10 1607

Exploits

Complete Proof of Concept: github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40823.zip Presentation: www.exploit-db.com/docs/english/40822-i-know-where-your-page-lives---de-randomizing-the-latest-windows-10-kernel.pdf I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 20 ...
/* Source: ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror: github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41015.exe */ // ricklarabee.bl ...
/* Source: github.com/tinysec/public/tree/master/CVE-2016-7255 Full Proof of Concept: github.com/tinysec/public/tree/master/CVE-2016-7255 github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40745.zip ******************************************************************** Created: 2016-11-09 14:23:09 ...
A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write op ...
The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135 ...
Microsoft Windows kernel win32k.sys NtSetWindowLongPtr privilege escalation exploit that leverages the vulnerability outlined in MS16-135 ...

Github Repositories

An exploit for CVE-2016-7255 on Windows 7/8/8.1/10(pre-anniversary) 64 bit

CVE-2016-7255 Proof Of Concept privilege escalation exploit using CVE-2016-7255, aims to mirror the functionality of the exploit found in the wild as described by Trend Micro. You may want to fix the recovery before using this anywhere important. Some code taken from tinysec's original crash PoC and the ReactOS project.

page-table-exploitation: A demonstration of how page tables can be used to run arbitrary code in ring-0 and lead to a privesc. Uses CVE-2016-7255 as an example.

CVE-2016-7255: Used to exploit cve-2016-7255 in 64 bit versions of Windows, tested on Workstation 7 SP1, 8.1, 10 (prior to build 1607), and Server 2012 R2. To use cve-2016-7255:
cve-2016-7255.exe 7   - Windows 7 SP1
cve-2016-7255.exe 81  - Windows 8.1
cve-2016-7255.exe 10  - Windows 10 prior to build 1607
cve-2016-7255.exe 12  - Wind

CVE-2016-7255: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability". With you Gihad

Win32k Elevation of Privilege Poc

CVE-2019-0803 Win32k Elevation of Privilege Poc. Screenshot. Reference (steal Security token): github.com/mwrlabs/CVE-2016-7255

CVE-2020-1054 Learning. Screenshot. Reference: 0xeb-bp.github.io/blog/2020/06/15/cve-2020-1054-analysis.html (steal Security token): github.com/mwrlabs/CVE-2016-7255 (leak function): github.com/DreamoneOnly/CVE-2019-0808-32-64-exp

cve-2016-7255 x86, x64: porting CVE-2016-7255 to x86 for educational purposes. Reference code: github.com/rlarabee/exploits/tree/master/cve-2016-7255

A collection of kernel papers

Study_pdf: These are materials I consulted while studying the Windows kernel and found useful for myself; most are papers collected for the Windows platform. I will gradually add fuzzing material, and of course only things I have read myself and judged useful are included.
Principle: memory pool allocation mechanism
Year | PDF | Content
2011 | BlackHat_DC_2011_Mandt_kernelpool-wp | Memory pool allocation principles on the Windows 7 platform

Recent Articles

The zero-day exploits of Operation WizardOpium
Securelist • Boris Larin, Alexey Kulaev • 28 May 2020

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploits and vulnerabilities used in this attack. In the original blog post we described the exploit loader responsible for initial validation of the targe...

Windows 10 Anniversary Update crushed exploits without need of patches
The Register • Darren Pauli • 16 Jan 2017

Microsoft security boffins throw fresh CVEs at unpatched OS, emerge smiling

Microsoft says its Windows 10 Anniversary Update squashes more exploit delivery chains than ever. The August updates brought in a series of operating system security improvements including boosts to Windows Defender and use of AppContainer, designed to raise the difficulty of having zero day exploits execute on patched systems. Redmond's security team tested its exploit mitigations against two kernel-level then zero-day exploits (CVE-2016-7255, CVE-2016-7256) used by active hacking groups that o...