← back
CVE-2015-1701

CVE-2015-1701

CVSS 7.8 HIGHEPSS 56.2%● KEV
In short

A flaw in Windows kernel drivers allows a local user to run a specially crafted program that grants them admin-level access to the system. This was actively exploited by attackers in April 2015.

Technical detail

Win32k.sys kernel-mode driver contains an elevation of privilege vulnerability exploitable by local authenticated users through a crafted application. Pre-condition requires local code execution capability; successful exploitation grants SYSTEM-level privileges, enabling complete system compromise.

Summary generated and translated by AI from the official description.
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found8
githubgithub.com/hfiref0x/CVE-2015-1701293githubgithub.com/Anonymous-Family/CVE-2015-1701-download0githubgithub.com/gousseine-systems/vuln-rabilit-windows70githubgithub.com/Anonymous-Family/CVE-2015-17010exploitdbwww.exploit-db.com/exploits/37049unverifiedcve_referencewww.exploit-db.com/exploits/37367/unverifiedexploitdbwww.exploit-db.com/exploits/37367unverifiedcve_referencewww.exploit-db.com/exploits/37049/unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051http://seclists.org/fulldisclosure/2020/May/34https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1701https://www.exploit-db.com/exploits/37049/https://www.exploit-db.com/exploits/37367/https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.htmlhttp://twitter.com/symantec/statuses/590208710527549440http://www.securityfocus.com/bid/74245http://www.securitytracker.com/id/1032155