Vulnerabilities > CVE-2015-1701 - Unspecified vulnerability in Microsoft products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 5 |
Exploit-Db
description Windows ClientCopyImage Win32k Exploit. CVE-2015-1701. Local exploit for windows platform file exploits/windows/local/37367.rb id EDB-ID:37367 last seen 2016-02-04 modified 2015-06-24 platform windows port published 2015-06-24 reporter metasploit source https://www.exploit-db.com/download/37367/ title Windows ClientCopyImage Win32k Exploit type local description Microsoft Windows - Local Privilege Escalation (MS15-051). CVE-2015-1676,CVE-2015-1677,CVE-2015-1678,CVE-2015-1679,CVE-2015-1680,CVE-2015-1701. Local exploit... file exploits/windows/local/37049.txt id EDB-ID:37049 last seen 2016-02-04 modified 2015-05-18 platform windows port published 2015-05-18 reporter hfiref0x source https://www.exploit-db.com/download/37049/ title Microsoft Windows - Local Privilege Escalation MS15-051 type local
Metasploit
description | This module exploits improper object handling in the win32k.sys kernel mode driver. This module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64. |
id | MSF:EXPLOIT/WINDOWS/LOCAL/MS15_051_CLIENT_COPY_IMAGE |
last seen | 2020-05-11 |
modified | 2018-10-28 |
published | 2015-06-03 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/local/ms15_051_client_copy_image.rb |
title | Windows ClientCopyImage Win32k Exploit |
Msbulletin
bulletin_id | MS15-051 |
bulletin_url | |
date | 2015-05-12T00:00:00 |
impact | Elevation of Privilege |
knowledgebase_id | 3057191 |
knowledgebase_url | |
severity | Important |
title | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS15-051.NASL |
description | The version of Windows running on the remote host is affected by multiple vulnerabilities : - Multiple information disclosure vulnerabilities exist due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this to reveal private address information during a function call, resulting in the disclosure of kernel memory contents. (CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, CVE-2015-1679, CVE-2015-1680) - A privilege escalation vulnerability exists due to the Win32k.sys kernel-mode driver improperly handling objects in memory. A local attacker can exploit this flaw, via a specially crafted application, to execute arbitrary code in kernel mode. This vulnerability is reportedly being exploited in the wild. (CVE-2015-1701) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83370 |
published | 2015-05-12 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83370 |
title | MS15-051: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (3057191) |
code |
|
Packetstorm
data source https://packetstormsecurity.com/files/download/157715/KL-001-2020-002.txt id PACKETSTORM:157715 last seen 2020-05-15 published 2020-05-14 reporter Matthew Bergin source https://packetstormsecurity.com/files/157715/Cellebrite-UFED-7.5.0.845-Desktop-Escape-Privilege-Escalation.html title Cellebrite UFED 7.5.0.845 Desktop Escape / Privilege Escalation data source https://packetstormsecurity.com/files/download/132403/ms15_051_client_copy_image.rb.txt id PACKETSTORM:132403 last seen 2016-12-05 published 2015-06-22 reporter temp66 source https://packetstormsecurity.com/files/132403/Microsoft-Windows-ClientCopyImage-Improper-Object-Handling.html title Microsoft Windows ClientCopyImage Improper Object Handling
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:93039 |
last seen | 2017-11-19 |
modified | 2017-04-25 |
published | 2017-04-25 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-93039 |
title | MS15-051 Win32k ClientCopyImage Elevation of Privilege Vulnerability (CVE-2015-1701) |
The Hacker News
id | THN:675EE08758C0AD2D11F9BC33AB15EA32 |
last seen | 2018-01-27 |
modified | 2016-07-13 |
published | 2016-07-13 |
reporter | Swati Khandelwal |
source | https://thehackernews.com/2016/07/scada-malware-energy.html |
title | State-Sponsored SCADA Malware targeting European Energy Companies |
References
- http://seclists.org/fulldisclosure/2020/May/34
- http://seclists.org/fulldisclosure/2020/May/34
- http://twitter.com/symantec/statuses/590208710527549440
- http://twitter.com/symantec/statuses/590208710527549440
- http://www.securityfocus.com/bid/74245
- http://www.securityfocus.com/bid/74245
- http://www.securitytracker.com/id/1032155
- http://www.securitytracker.com/id/1032155
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051
- https://www.exploit-db.com/exploits/37049/
- https://www.exploit-db.com/exploits/37049/
- https://www.exploit-db.com/exploits/37367/
- https://www.exploit-db.com/exploits/37367/
- https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
- https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html