CVE-2016-7216

MEDIUM

Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Kernel API Mishandling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7216. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a Windows kernel crash in nt!RtlEqualSid due to a PAGE_FAULT_BEYOND_END_OF_ALLOCATION error when loading a corrupted registry hive file. The PoC triggers the vulnerability via RegLoadAppKey(), leading to a denial-of-service condition on Windows 7.

Description

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/40766

View Code ZIP pw:eip

This exploit demonstrates a Windows kernel crash in nt!RtlEqualSid due to a PAGE_FAULT_BEYOND_END_OF_ALLOCATION error when loading a corrupted registry hive file. The PoC triggers the vulnerability via RegLoadAppKey(), leading to a denial-of-service condition on Windows 7.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 7 (NT kernel)

No auth needed

Prerequisites: Ability to load a corrupted registry hive file via RegLoadAppKey()

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94048

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037253

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-139

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40766/

Scores

CVSS v3 5.5

EPSS 0.0414

EPSS Percentile 89.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200 CWE-264

Status published

Products (4)

microsoft/windows_7

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_vista

Published Nov 10, 2016

Tracked Since Feb 18, 2026