CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-1701

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score33.7010%
EPSS Percentile93.01th
Published2015年4月21日
Last Modified2026年4月22日

Vulnerability Description

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

Affected Platforms (CPE)

💻
Microsoft

Windows 2003 Server

All versions
💻
Microsoft

Windows 2003 Server

= r2
💻
Microsoft

Windows 7

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Vista

All versions

References & Advisories

🔗 http://seclists.org/fulldisclosure/2020/May/34
🔗 http://twitter.com/symantec/statuses/590208710527549440
🔗 http://www.securityfocus.com/bid/74245
🔗 http://www.securitytracker.com/id/1032155
🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051
🔗 https://www.exploit-db.com/exploits/37049/
🔗 https://www.exploit-db.com/exploits/37367/
🔗 https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html

関連する脆弱性情報

CVE-2004-020910.0

Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 al...

CVE-2004-042010.0

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows ...

CVE-2004-020110.0

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve...

CVE-2004-057410.0

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, ...

CVE-2015-1701 Detail & Impact Analysis | CVSS 7.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space