Main
Vulnerability Database
Exploits
ID:2409 - Exploit for Insecure DLL loading in Microsoft products - CVE-2016-0041
ID:2409 - Exploit for Insecure DLL loading in Microsoft products - CVE-2016-0041
Published: April 7, 2020
Vulnerability identifier: #VU4827
Vulnerability risk: High
CVE-ID: CVE-2016-0041
CWE-ID: CWE-427
Exploitation vector: Remote access
Vulnerable software:
Microsoft Internet Explorer
Windows
Windows Server
Microsoft Internet Explorer
Windows
Windows Server
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.
Remediation
Install update from vendor's website.