CVE-2016-0006

HIGH

Microsoft Windows - Local Privilege Escalation via Reparse Point Mishandling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0006. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates a bypass for the CVE-2015-2553 fix by leveraging shadow object directories to create mount reparse points at low integrity, allowing privilege escalation. It uses NtCreateObjectDirectoryEx to shadow GLOBAL?? and manipulate dos device paths.

Description

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/39311

View Code ZIP pw:eip

The exploit demonstrates a bypass for the CVE-2015-2553 fix by leveraging shadow object directories to create mount reparse points at low integrity, allowing privilege escalation. It uses NtCreateObjectDirectoryEx to shadow GLOBAL?? and manipulate dos device paths.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10

No auth needed

Prerequisites: Low integrity execution context · Writable directory for PoC execution

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-008

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034645

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39311/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/79882

Scores

CVSS v3 7.3

EPSS 0.0423

EPSS Percentile 89.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (12)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

... and 2 more

Published Jan 13, 2016

Tracked Since Feb 18, 2026