Microsoft IIS 7.0/7.5 on Vista/Server 2008 DLL Loader access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft IIS 7.0/7.5 on Vista/Server 2008. It has been rated as critical. This issue affects some unknown processing of the component DLL Loader. This manipulation causes access control. This vulnerability is tracked as CVE-2016-0152. The attack is restricted to local execution. No exploit exists. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability classified as critical was found in Microsoft IIS 7.0/7.5 on Vista/Server 2008 (Web Server). Affected by this vulnerability is an unknown function of the component DLL Loader. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."
The weakness was disclosed 05/10/2016 with Microsoft as MS16-058 as confirmed bulletin (Technet). The advisory is shared at technet.microsoft.com. This vulnerability is known as CVE-2016-0152 since 12/04/2015. An attack has to be approached locally. The successful exploitation requires a single authentication. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue. The advisory points out:
The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
The vulnerability scanner Nessus provides a plugin with the ID 91008 (MS16-058: Security Update for Windows IIS (3141083)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 91215 (Microsoft Windows IIS Security Update (MS16-058)).
Applying the patch MS16-058 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (91008) and SecurityFocus (BID 90020†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 91008
Nessus Name: MS16-058: Security Update for Windows IIS (3141083)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 53144
OpenVAS Name: Microsoft Windows IIS Remote Code Execution Vulnerability (3141083)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS16-058
Timeline
12/04/2015 🔍05/10/2016 🔍
05/10/2016 🔍
05/10/2016 🔍
05/10/2016 🔍
05/11/2016 🔍
11/03/2024 🔍
Sources
Vendor: microsoft.comAdvisory: MS16-058
Organization: Microsoft
Status: Confirmed
CVE: CVE-2016-0152 (🔍)
GCVE (CVE): GCVE-0-2016-0152
GCVE (VulDB): GCVE-100-87157
OVAL: 🔍
SecurityFocus: 90020 - Microsoft Windows CVE-2016-0152 DLL Loading Remote Code Execution Vulnerability
SecurityTracker: 1035834
Entry
Created: 05/11/2016 14:13Updated: 11/03/2024 08:28
Changes: 05/11/2016 14:13 (60), 04/11/2017 15:33 (19), 08/18/2022 09:23 (3), 08/18/2022 09:24 (1), 11/03/2024 08:28 (16)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.