CVE-2016-0100

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2

Description The issue is related to the mishandling of library loading, allowing local users to gain privileges via a crafted application. This can lead to a remote code execution vulnerability when input is not properly validated before loading certain libraries. An attacker who successfully exploits this vulnerability could take complete control of an affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system could be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Windows Vista SP2, update to a newer version that properly validates input before loading libraries to prevent exploitation. For Microsoft Windows Server 2008 SP2, apply configuration changes to restrict library loading and minimize the risk of remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.