CVE-2015-1701

CVE Database · CVE-2015-1701

CVE-2015-1701

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

56.20%

Published

Apr 21, 2015

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

Apply updates per vendor instructions.

Public PoC / Exploit (7)

All weaponized →

Exploit-DBMicrosoft Windows - ClientCopyImage Win32k (MS15-051) (Metasploit)Exploit-DBMicrosoft Windows - Local Privilege Escalation (MS15-051)TrickestTrickest PoC index GitHub PoChfiref0x/CVE-2015-1701★293 GitHub PoCAnonymous-Family/CVE-2015-1701★0 GitHub PoCAnonymous-Family/CVE-2015-1701-download★0 GitHub PoCgousseine-systems/vuln-rabilit-windows7★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (5)

microsoft · windows_2003_servervulnerable

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

microsoft · windows_vistavulnerable

References (17)

http://seclists.org/fulldisclosure/2020/May/34

Mailing ListThird Party AdvisoryBroken Link

http://twitter.com/symantec/statuses/590208710527549440

Press/Media Coverage