CVE-2016-0099

HIGH Year: 2016
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-120
View all →

Vulnerability Description

The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

Related Vulnerabilities

CVE-2002-0969

HIGH
CVSS:7.8(High)

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini init...

CWE-1202002

CVE-2004-0210

HIGH
CVSS:7.8(High)

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overf...

CWE-1202004

CVE-2007-5659

HIGH
CVSS:7.8(High)

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: thi...

CWE-1202007

CVE-2010-2492

HIGH
CVSS:7.8(High)

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of se...

CWE-1202010

CVE-2010-2572

HIGH
CVSS:7.8(High)

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerabil...

CWE-1202010

CVE-2011-1145

HIGH
CVSS:7.8(High)

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

CWE-1202011