// For flags

CVE-2016-0041

Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070)

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."

Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 10 y 11 no manejan adecuadamente la carga DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como "DLL Loading Remote Code Execution Vulnerability".

A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-04 CVE Reserved
  • 2015-12-08 First Exploit
  • 2016-02-10 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (19)
URL Tag Source
http://seclists.org/fulldisclosure/2016/Feb/49 Mailing List
http://www.securitytracker.com/id/1034971 Vdb Entry
http://www.securitytracker.com/id/1034985 Vdb Entry
https://www.securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html X_refsource_misc
https://securify.nl/advisory/SFY20150801/com__services_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150805/event_viewer_snapin_multiple_dll_side_loading_vulnerabilities.html
https://securify.nl/advisory/SFY20150803/windows_authentication_ui_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20151102/shutdown_ux_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150802/shockwave_flash_object_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150806/ole_db_provider_for_oracle_multiple_dll_side_loading_vulnerabilities.html
https://securify.nl/advisory/SFY20150905/nps_datastore_server_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150906/bda_mpeg2_transport_information_filter_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20151101/mapsupdatetask_task_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150904/windows_mail_find_people_dll_side_loading_vulnerability.html
https://securify.nl/advisory/SFY20150804/microsoft_visio_multiple_dll_side_loading_vulnerabilities.html
URL Date SRC
https://packetstorm.news/files/id/139671 2016-11-10
https://www.exploit-db.com/exploits/41706 2015-12-08
URL Date SRC
URL Date SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-009 2018-10-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-014 2018-10-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 10
Search vendor "Microsoft" for product "Internet Explorer" and version "10"
-
Affected
Microsoft
Search vendor "Microsoft"
 Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
 11
Search vendor "Microsoft" for product "Internet Explorer" and version "11"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 10
Search vendor "Microsoft" for product "Windows 10"
--
Affected
Microsoft
Search vendor "Microsoft"
 Windows 10
Search vendor "Microsoft" for product "Windows 10"
 1511
Search vendor "Microsoft" for product "Windows 10" and version "1511"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows 7
Search vendor "Microsoft" for product "Windows 7"
*sp1
Affected
Microsoft
Search vendor "Microsoft"
 Windows 8.1
Search vendor "Microsoft" for product "Windows 8.1"
*-
Affected
Microsoft
Search vendor "Microsoft"
 Windows Rt 8.1
Search vendor "Microsoft" for product "Windows Rt 8.1"
*-
Affected
Microsoft
Search vendor "Microsoft"
 Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*sp2
Affected
Microsoft
Search vendor "Microsoft"
 Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
 r2
Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Windows Server 2012
Search vendor "Microsoft" for product "Windows Server 2012"
*-
Affected
Microsoft
Search vendor "Microsoft"
 Windows Server 2012
Search vendor "Microsoft" for product "Windows Server 2012"
 r2
Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"
-
Affected
Microsoft
Search vendor "Microsoft"
 Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp2
Affected