Vulnerability identifier: #VU1116

Vulnerability risk: Medium

CVSSv3.1: 8.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: CVE-2016-7255

CWE-ID: CWE-119

Exploitation vector: Local

Exploits in database: 8

• June 17, 2021
  • Microsoft Windows - 'Win32k' Local Privilege Escalation [Exploit-DB]
• July 20, 2020
  • CVE-2020-1054 () [Github]
• June 2, 2020
  • WindowsExploitationResources (Resources pertaining to advanced Windows exploit development and semi-related topics) [Github]
• April 7, 2020
  • CVE-2016-7255 (An exploit for CVE-2016-7255 on Windows 7/8/8.1/10(pre-anniversary) 64 bit) [Github]
• March 18, 2020
  • page-table-exploitation (A demonstration of how page tables can be used to run arbitrary code in ring-0 and lead to a privesc. Uses CVE-2016-7255 as an example.) [Github]
  • Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) [Exploit-DB]
  • Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1) [Exploit-DB]
  • Microsoft Windows Kernel - win32k Denial of Service (MS16-135) [Exploit-DB]

Impact: Code execution

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft