Main Vulnerability Database Exploits ID:1878 - Exploit for Privilege escalation in Windows and Windows Server - CVE-2015-1701

ID:1878 - Exploit for Privilege escalation in Windows and Windows Server - CVE-2015-1701

Published: March 18, 2020

Vulnerability identifier: #VU5553

Vulnerability risk: Medium

CVE-ID: CVE-2015-1701

CWE-ID: CWE-264

Exploitation vector: Local access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://github.com/55-AA/CVE-2015-0057

Vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper access control. A local attacker can create a specially crafted application, execute a callback in userspace and use data from the System token to execute arbitrary code on the system with root privileges.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

ID:1878 - Exploit for Privilege escalation in Windows and Windows Server - CVE-2015-1701

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human