Privilege escalation in Microsoft products - CVE-2016-7182
Published: October 11, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU975
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2016-7182
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Microsoft Office
Word Viewer
Windows
Windows Server
Microsoft Lync
Lync Attendee
Microsoft Live Meeting
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a boundary error in the Microsoft Windows kernel-mode driver (Win32k). By running a malicious program on the affected system, an attacker can execute arbitrary code with SYSTEM privileges.
Successful exploitation of the vulnerability may result in a complete system compromise.
How to mitigate CVE-2016-7182
Install the update from the vendor's website.