Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2015-1701
HistoryApr 21, 2015 - 10:59 a.m.

CVE-2015-1701

2015-04-2110:59:00
microsoft
web.nvd.nist.gov
932
In Wild
3
win32k.sys
elevation of privilege
cve-2015-1701
windows
vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.372

Percentile

97.2%

JSON

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka “Win32k Elevation of Privilege Vulnerability.”

Affected configurations

Nvd
Node
microsoftwindows_2003_serverMatch-sp2
OR
microsoftwindows_2003_serverMatchr2sp2
OR
microsoftwindows_7Match-sp1
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_vistaMatch-sp2
VendorProductVersionCPE
microsoftwindows_2003_server-cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
microsoftwindows_2003_serverr2cpe:2.3:o:microsoft:windows_2003_server:r2:sp2:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
microsoftwindows_vista-cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Social References

More

Related

exploitdb 2
metasploit 1
exploitpack 1
nvd 1
myhack58 2
zdt 2
checkpoint_advisories 1
attackerkb 1
cisa_kev 1
fireeye 3
canvas 1
seebug 1
cvelist 1
packetstorm 2
prion 1
symantec 1
threatpost 5
thn 1
korelogic 1
trellix 2
talosblog 1
nessus 1
mskb 1
kaspersky 1
securityvulns 1
githubexploit 2
exploitdb
exploitdb
Microsoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit)
2015-06-24 00:00:00
Microsoft Windows - Local Privilege Escalation (MS15-051)
2015-05-18 00:00:00
metasploit
metasploit
Windows ClientCopyImage Win32k Exploit
2015-06-03 11:48:23
exploitpack
exploitpack
Microsoft Windows - Local Privilege Escalation (MS15-051)
2015-05-18 00:00:00
nvd
nvd
CVE-2015-1701
2015-04-21 10:59:00
myhack58
myhack58
Win32k elevation of privilege vulnerability, CVE-2 0 1 5-1 7 0 1-exp-vulnerability warning-the black bar safety net
2015-05-24 00:00:00
About 1 5 years 5 months to repair the two 0day-vulnerability warning-the black bar safety net
2015-05-13 00:00:00
zdt
zdt
Microsoft Windows ClientCopyImage Improper Object Handling Exploit
2015-06-23 00:00:00
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation Vulnerability
2020-05-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows System CallBack Privilege Escalation (CVE-2015-1701)
2015-04-21 00:00:00
attackerkb
attackerkb
CVE-2015-1701
2015-04-21 00:00:00
cisa_kev
cisa_kev
Microsoft Win32k Privilege Escalation Vulnerability
2022-03-03 00:00:00
fireeye
fireeye
Lessons from Operation RussianDoll
2016-03-09 11:00:00
The EPS Awakens - Part 2
2015-12-20 19:45:00
The EPS Awakens
2015-12-16 08:00:00
canvas
canvas
Immunity Canvas: MS15_051
2015-04-21 10:59:00
seebug
seebug
MS15-051 Win32k ClientCopyImage Elevation of Privilege Vulnerability (CVE-2015-1701)
2017-04-25 00:00:00
cvelist
cvelist
CVE-2015-1701
2015-04-21 10:00:00
packetstorm
packetstorm
Microsoft Windows ClientCopyImage Improper Object Handling
2015-06-22 00:00:00
Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation
2020-05-14 00:00:00
prion
prion
Privilege escalation
2015-04-21 10:59:00
symantec
symantec
Microsoft Windows CVE-2015-1701 Local Privilege Escalation Vulnerability
2015-04-18 00:00:00
threatpost
threatpost
APT Groups Exploiting Patch Microsoft Office Flaw CVE-2015-2545
2016-05-25 12:58:57
Researchers Crack Furtim, SFG Malware Connection
2016-07-18 13:26:09
Malware Dropper Built to Target European Energy Company
2016-07-12 09:31:54
thn
thn
State-Sponsored SCADA Malware targeting European Energy Companies
2016-07-13 00:12:00
korelogic
korelogic
Cellebrite Restricted Desktop Escape and Escalation of User Privilege
2020-05-14 00:00:00
trellix
trellix
Take a "NetWalk" on the Wild Side
2020-08-03 00:00:00
Take a "NetWalk" on the Wild Side
2020-08-03 00:00:00
talosblog
talosblog
China Chopper still active 9 years later
2019-08-27 08:14:42
nessus
nessus
MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191)
2015-05-12 00:00:00
mskb
mskb
MS15-051: Vulnerabilities in Windows kernel-mode drivers could allow information disclosure: May 12, 2015
2015-05-12 00:00:00
kaspersky
kaspersky
KLA10580 Multiple vulnerabilities in Microsoft products
2015-05-12 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-05-13 00:00:00
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.372

Percentile

97.2%

JSON
Related for CVE-2015-1701
exploitdb2metasploit1exploitpack1nvd1myhack582zdt2checkpoint_advisories1attackerkb1cisa_kev1fireeye3canvas1seebug1cvelist1packetstorm2prion1symantec1threatpost5thn1korelogic1trellix2talosblog1nessus1mskb1kaspersky1securityvulns1githubexploit2