cvelistv5 - cve-2016-7221

cve-2016-7221

Vulnerability from cvelistv5

Published

2016-11-10 06:16

Modified

2024-08-06 01:57

Severity

Summary

Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."

References

Source	URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/94021
secure@microsoft.com	http://www.securitytracker.com/id/1037241
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:46.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS16-130",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
          },
          {
            "name": "1037241",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037241"
          },
          {
            "name": "94021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS16-130",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
        },
        {
          "name": "1037241",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037241"
        },
        {
          "name": "94021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94021"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-7221",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS16-130",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
            },
            {
              "name": "1037241",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037241"
            },
            {
              "name": "94021",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94021"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2016-7221",
    "datePublished": "2016-11-10T06:16:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:46.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-7221\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2016-11-10T06:59:33.673\",\"lastModified\":\"2018-10-12T22:14:15.750\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \\\"Windows IME Elevation of Privilege Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Input Method Editor (IME) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 no maneja adecuadamente la carga de DLL, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como \\\"Windows IME Elevation of Privilege Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.2},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"232581CC-130A-4C62-A7E9-2EC9A9364D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7519928D-0FF2-4584-8058-4C7764CD5671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197E82CB-81AF-40F1-A55C-7B596891A783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C28897B-044A-447B-AD76-6397F8190177\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6437F9-6631-49D3-A6C2-62329E278E31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94021\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1037241\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130\",\"source\":\"secure@microsoft.com\"}]}}"
  }
}

ghsa-68r7-wh76-vcfr

Vulnerability from github

Published

2022-05-14 02:22

Modified

2022-05-14 02:22

Severity

7.8 (High) - CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-7221"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-10T06:59:00Z",
    "severity": "HIGH"
  },
  "details": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\"",
  "id": "GHSA-68r7-wh76-vcfr",
  "modified": "2022-05-14T02:22:21Z",
  "published": "2022-05-14T02:22:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7221"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94021"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037241"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2016-7221

Vulnerability from jvndb

Published

2017-07-07 15:47

Modified

2017-07-07 15:47

Severity

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Microsoft IME may insecurely load Dynamic Link Libraries

Details

Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs. When some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it. This registry key does not exist by default, and can be created by a normal user. If an application program is invoked with some high privilege, this mechanism can be leveraged for privilege escalation attacks. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type	URL
JVN	http://jvn.jp/en/jp/JVN21627267/index.html
JVN	https://jvn.jp/en/ta/JVNTA91240916/index.html
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7221
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7221
IPA SECURITY ALERTS	https://www.ipa.go.jp/security/ciadr/vul/20161109-ms.html
JPCERT-WR	https://www.jpcert.or.jp/english/at/2016/at160046.html
No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Microsoft Corporation	Microsoft IME
Microsoft Corporation	Microsoft Windows 10
Microsoft Corporation	Microsoft Windows 7
Microsoft Corporation	Microsoft Windows 8.1
Microsoft Corporation	Microsoft Windows RT 8.1
Microsoft Corporation	Microsoft Windows Server 2008
Microsoft Corporation	Microsoft Windows Server 2012
Microsoft Corporation	Microsoft Windows Server 2016
Microsoft Corporation	Microsoft Windows Vista

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-005802.html",
  "dc:date": "2017-07-07T15:47+09:00",
  "dcterms:issued": "2017-07-07T15:47+09:00",
  "dcterms:modified": "2017-07-07T15:47+09:00",
  "description": "Microsoft IME, bundled with Microsoft Windows, contains an issue in loading DLLs.\r\nWhen some application programs are invoked, they may initiate Microsoft IME. This IME, when initiated, checks a certain registry key for a file path to a DLL file and loads it.\r\nThis registry key does not exist by default, and can be created by a normal user.\r\nIf an application program is invoked with some high privilege, this mechanism can be leveraged for privilege escalation attacks.\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-005802.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:microsoft:ime",
      "@product": "Microsoft IME",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_10",
      "@product": "Microsoft Windows 10",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_7",
      "@product": "Microsoft Windows 7",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_8.1",
      "@product": "Microsoft Windows 8.1",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_rt_8.1",
      "@product": "Microsoft Windows RT 8.1",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2008",
      "@product": "Microsoft Windows Server 2008",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2012",
      "@product": "Microsoft Windows Server 2012",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2016",
      "@product": "Microsoft Windows Server 2016",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_vista",
      "@product": "Microsoft Windows Vista",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.1",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-005802",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN21627267/index.html",
      "@id": "JVN#21627267",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7221",
      "@id": "CVE-2016-7221",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7221",
      "@id": "CVE-2016-7221",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20161109-ms.html",
      "@id": "Security Alert for Vulnerability in Microsoft IME (November 2016)(JVN#21627267)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2016/at160046.html",
      "@id": "JPCERT-AT-2016-0046",
      "@source": "JPCERT-WR"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Microsoft IME may insecurely load Dynamic Link Libraries"
}

gsd-2016-7221

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-7221

Aliases

CVE-2016-7221

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-7221",
    "description": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\"",
    "id": "GSD-2016-7221"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-7221"
      ],
      "details": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\"",
      "id": "GSD-2016-7221",
      "modified": "2023-12-13T01:21:21.052655Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2016-7221",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS16-130",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
          },
          {
            "name": "1037241",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037241"
          },
          {
            "name": "94021",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94021"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2016-7221"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka \"Windows IME Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "94021",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/94021"
            },
            {
              "name": "1037241",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037241"
            },
            {
              "name": "MS16-130",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-130"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-12T22:14Z",
      "publishedDate": "2016-11-10T06:59Z"
    }
  }
}

Action not permitted

cve-2016-7221

Vulnerability from cvelistv5

ghsa-68r7-wh76-vcfr

Vulnerability from github

cve-2016-7221

Vulnerability from jvndb

gsd-2016-7221

Vulnerability from gsd

Tags