Main Vulnerability Database Exploits ID:1611 - Exploit for Path traversal in Windows and Windows Server - CVE-2015-0016

ID:1611 - Exploit for Path traversal in Windows and Windows Server - CVE-2015-0016

Published: March 18, 2020

Vulnerability identifier: #VU5578

Vulnerability risk: Critical

CVE-ID: CVE-2015-0016

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/local/ms15_004_tswbproxy

Vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient validation of user-supplied input within TS WebProxy Windows component. A remote attacker can trick the victim into downloading a specially crafted file and execute it with privileges of the current user.

Successful exploitation of the vulnerability may result in full control of the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

ID:1611 - Exploit for Path traversal in Windows and Windows Server - CVE-2015-0016

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human