CVE-2016-0020
Description
Microsoft Windows incorrectly loads MAPI DLLs, letting a local attacker gain elevated privileges via a crafted application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The MAPI DLL Loading Elevation of Privilege Vulnerability (CVE-2016-0020) resides in the way Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 handle DLL loading. Windows does not sufficiently validate input before loading DLL files, so the system can end up loading a DLL from an unsafe location. Specifically, in the context of Internet Explorer, the IShdocvwBroker::NewMessage API can cause the broker process to load a DLL from a potentially unsafe location [1][2]. Affected versions include all supported releases of the listed operating systems at the time of publication [1].
Exploitation
An attacker must be able to log on to a target system locally and run a specially crafted application that exploits the unsafe DLL loading. In the Internet Explorer scenario, user interaction is required: the target must visit a malicious webpage or open a malicious file. The vulnerability is classified as local, meaning the attacker needs prior access to the system, and the attack complexity is medium. No special network position is required beyond the ability to deliver the crafted file or page [2].
Impact
Successful exploitation allows the attacker to gain elevated privileges on the system. The vulnerability is classified as an elevation of privilege, with a CVSS v3 base score of 7.8 (High). In the Internet Explorer context, an attacker can execute arbitrary code under the context of the user at medium integrity, potentially compromising confidentiality, integrity, and availability of the affected system [1][2].
Mitigation
Microsoft released security update MS16-007 on January 12, 2016, which addresses the vulnerability by correcting how Windows validates input before loading DLL files. The update is rated Important and applies to all affected software versions listed in the bulletin. Users and administrators should apply the update via Windows Update or Microsoft Update. No workarounds are documented beyond applying the patch [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (6)
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.