CVE-2016-7255

HIGH KEV RANSOMWARE

Microsoft Windows - Privilege Escalation

Title source: llm

Description

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Exploits (11)

exploitdb WORKING POC
by Rick Larabee · clocalwindows
https://www.exploit-db.com/exploits/41015
exploitdb WORKING POC
by IOactive · textlocalwindows
https://www.exploit-db.com/exploits/40823
exploitdb WORKING POC
by TinySec · cdoswindows
https://www.exploit-db.com/exploits/40745
nomisec WORKING POC 82 stars
by FSecureLABS · local
https://github.com/FSecureLABS/CVE-2016-7255
nomisec WORKING POC 11 stars
by yuvatia · local
https://github.com/yuvatia/page-table-exploitation
nomisec WORKING POC 3 stars
by heh3 · local
https://github.com/heh3/CVE-2016-7255
nomisec WORKING POC 1 stars
by bbolmin · local
https://github.com/bbolmin/cve-2016-7255_x86_x64
github WORKING POC
by AmazingOut · cpoc
https://github.com/AmazingOut/CVE_POC/tree/main/CVE-2016-7255
nomisec SUSPICIOUS
by homjxi0e · poc
https://github.com/homjxi0e/CVE-2016-7255
patchapalooza WRITEUP
by Ascotbe · local
https://github.com/Ascotbe/Kernelhub

References (12)

Scores

CVSS v3 7.8
EPSS 0.8936
EPSS Percentile 99.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2016-10-21
InTheWild.io 2016-10-21
ENISA EUVD EUVD-2016-8111
Ransomware Use Confirmed
Status published
Products (12)
microsoft/windows_10_1507
microsoft/windows_10_1511
microsoft/windows_10_1607
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
... and 2 more
Published Nov 10, 2016
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026