CVE-2016-0165

ENISA EUVD: EUVD-2016-0203 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

6.04%

probability

This CVE has a 6.04% probability of being exploited in the next 30 days.

0% Top 90.8th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Project Zero

Buffer overflow in RGNMEMOBJ::vCreate

Affected Products

Google Project Zero

Patched

April 12, 2016

Reported by

Sebastian Apelt of Siberas working with Trend Micro's Zero Day Initiative, Anton Ivanov of Kaspersky Lab

Root Cause Analysis

???

Exploits & PoC

Patch Tuesday April 2016

Qualys Apr 12, 2016

Signal Intelligence

Confidenceⓘ

95%

EPSS 6.04%

CVSS v3.1 7.8

Mentions 1

Last Seen Apr 12, 2016

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 1

Turla Group

apt_group Information theft and espionage Russian Federation

Triage Info

Decided atMar 05, 2026