Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka “Win32k Elevation of Privilege Vulnerability.”
Recent assessments:
gwillcox-r7 at November 23, 2020 6:03pm UTC reported:
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
seclists.org/fulldisclosure/2020/May/34
twitter.com/symantec/statuses/590208710527549440
www.securityfocus.com/bid/74245
www.securitytracker.com/id/1032155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1701
docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051
www.exploit-db.com/exploits/37049
www.exploit-db.com/exploits/37367
www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html