CVE-2016-0167

HIGH
2016-04-12 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 26, 2026 - 11:18 vuln.today
Added to CISA KEV
Oct 22, 2025 - 00:15 cisa
CISA KEV
Patch Released
Oct 22, 2025 - 00:15 nvd
Patch available
CVE Published
Apr 12, 2016 - 23:59 nvd
HIGH 7.8

Tags

Windows

Description

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.

Analysis

The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.

Technical Context

The win32k.sys vulnerability involves improper handling of window objects in the kernel-mode graphics subsystem. A crafted application can trigger a condition that allows writing to kernel memory, enabling token replacement for privilege escalation.

Affected Products

['Microsoft Windows Vista SP2 through Windows 10 1511', 'Microsoft Windows Server 2008 SP2 through Server 2012 R2', 'Microsoft Windows RT 8.1']

Remediation

Apply Microsoft security update MS16-039. Deploy Windows Defender Exploit Guard with ASR rules to limit win32k attack surface from sandboxed processes.

Priority Score

105
Low Medium High Critical
KEV: +50
EPSS: +6.1
CVSS: +39
POC: 0

Share

CVE-2016-0167 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy