7.2
CVSSv2

CVE-2015-0057

Published: 11/02/2015 Updated: 14/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 734
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Vulnerability Trend

Exploits

# Exploit Title: MS15-010/CVE-2015-0057 win32k Local Privilege Escalation # Date: 2015-12-17 # Exploit Author: Jean-Jamil Khalife # Software Link: wwwmicrosoftcom # Version: Windows 81 (x64) # Tested on: Windows 81 (x64) # CVE : CVE-2015-0057 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-s ...
// excpp /* Windows XP/2K3/VISTA/2K8/7 WM_SYSTIMER Kernel EoP CVE-2015-0003 March 2015 (Public Release: May 24, 2015) Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake <at> mail <dot> com */ #include "exh" _ZwAllocateVirtualMemory ZwAllocateVirtualMemory; ...

Github Repositories

bh-asia-16 A New CVE-2015-0057 Exploit Technology

Windows Kernel Exploit cve-2015-0057 win81 下 uaf 漏洞。 MS16-098 win81 下整数溢出漏洞,漏洞利用关键字: Pool Overflow、Abusing Gdi Objects Analysis

CVE-2015-0057漏洞在32位和64位系统上的利用 作者:Aaron Adams 翻译:55-AA 译注:本文部分地方采用了意译,如有疑问请参阅原文。 术语: 操作原语(primitive):类似于一个功能函数,是一系列腐蚀操作的集合,以完成一个完整的可重复利用的功能,如读取内存、写入任意数据等。 代序 今年早

Windows stack overflows Stack Base Overflow Articles + Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999] + Writing Stack Based Overflows on Windows - by Nish Bhalla’s [2005] + Stack Smashing as of Today - by Hagen Fritsch [2009] + SMASHING C++ VPTRS - by rix [2000] ## Windows heap overflows Heap Base Overflow Articles + Third Generat

Awesome Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Re

EopMon Introduction EopMon is a hypervisor-based elevation of privilege (EoP) detector It can spots a process with a stolen system token and terminate it by utilizing hypervisor's ability to monitor process context-swiching While EopMon is tested against multiple EoP exploits carried out by in the wild malware (*1), it is rather meant to be an educational tool to demonst

Awesome Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Re

cve-study-write

Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.

Recent Articles

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change
Threatpost • Michael Mimoso • 12 Feb 2015

The vulnerabilities addressed in this month’s Patch Tuesday security bulletins from Microsoft have been a mashup of critical bugs affecting most supported versions of Windows and Internet Explorer that could pave the way for attackers to gain complete control of affected systems.
Sounds like most months, for sure.
But what sets this month apart is the regular stream of disclosures from researchers in the hours and days following patches from Microsoft.
The latest surrounds MS...

Hacker kicks one bit XP to 10 Windows scroll goal
The Register • Darren Pauli • 12 Feb 2015

Screwy GUI carried dead code for 15 YEARS

Windows operating systems from XP to version 10 can be popped with a single bit, researcher Udi Yavo says.
The hacker, formerly chief of the electronic warfare unit for Israeli defence contractor Rafael, detailed how the local privilege escalation vulnerability (CVE-2015-0057) fixed in this week's Patch Tuesday update could grant attackers total control of machines.
"A threat actor that gains access to a Windows machine can exploit this vulnerability to bypass all Windows security me...