ByteOS Network

NVD Vulnerability Details :

CVE-2016-0007

Modified

Source-secure@microsoft.com

Published At-13 Jan, 2016 | 05:59

Updated At-06 May, 2026 | 22:30

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.9

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1511

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_7>>-

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8>>-

cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt>>-

cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_vista>>-

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/79898	secure@microsoft.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034645	secure@microsoft.com	Third Party Advisory VDB Entry
https://code.google.com/p/google-security-research/issues/detail?id=589	secure@microsoft.com	Exploit Mailing List Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-008	secure@microsoft.com	Patch Vendor Advisory
https://www.exploit-db.com/exploits/39310/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/39311/	secure@microsoft.com	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/79898	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034645	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://code.google.com/p/google-security-research/issues/detail?id=589	af854a3a-2127-422b-91ae-364da2661108	Exploit Mailing List Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-008	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.exploit-db.com/exploits/39310/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/39311/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry