CVE-2016-0099

Published: Mar 9, 2016Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Affected (9)

Products: Microsoft: Windows 10 1507, Windows 10 1511, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Vista

7 products

Windows 10 1507

Windows 10 1511

Windows Server 2008

Windows Server 2012

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1511	All versions
Microsoft Windows 7	All versions
Microsoft Windows 8.1	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2
Microsoft Windows Server 2012	All versions
Microsoft Windows Server 2012	Version r2
Microsoft Windows Vista	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (15)

http://www.securityfocus.com/bid/84034

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035210

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032

Source: secure@microsoft.com

PatchVendor Advisory

https://www.exploit-db.com/exploits/39574/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/39719/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/39809/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40107/

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/84034

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035210

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.exploit-db.com/exploits/39574/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/39719/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/39809/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/40107/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0099

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.