CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1701

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score33.7010%
EPSS Percentile93.01th
PublishedApr 21, 2015
Last ModifiedApr 22, 2026

Vulnerability Description

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2003 Server

All versions
πŸ’»
Microsoft

Windows 2003 Server

= r2
πŸ’»
Microsoft

Windows 7

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Vista

All versions

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2020/May/34
πŸ”— http://twitter.com/symantec/statuses/590208710527549440
πŸ”— http://www.securityfocus.com/bid/74245
πŸ”— http://www.securitytracker.com/id/1032155
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051
πŸ”— https://www.exploit-db.com/exploits/37049/
πŸ”— https://www.exploit-db.com/exploits/37367/
πŸ”— https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html

Related Vulnerabilities

CVE-2004-020910.0

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 al...

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-020110.0

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve...

CVE-2004-057410.0

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, ...