7.2
CVSSv2

CVE-2015-0057

Published: 11/02/2015 Updated: 14/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 732
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows rt -

microsoft windows 8.1 -

microsoft windows server 2008 -

microsoft windows 7 -

microsoft windows rt 8.1 -

microsoft windows vista -

microsoft windows 8 -

microsoft windows server 2012 -

microsoft windows server 2003 -

Exploits

# Exploit Title: MS15-010/CVE-2015-0057 win32k Local Privilege Escalation # Date: 2015-12-17 # Exploit Author: Jean-Jamil Khalife # Software Link: wwwmicrosoftcom # Version: Windows 81 (x64) # Tested on: Windows 81 (x64) # CVE : CVE-2015-0057 Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-s ...
// excpp /* Windows XP/2K3/VISTA/2K8/7 WM_SYSTIMER Kernel EoP CVE-2015-0003 March 2015 (Public Release: May 24, 2015) Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake <at> mail <dot> com */ #include "exh" _ZwAllocateVirtualMemory ZwAllocateVirtualMemory; ...

Github Repositories

Use CVE-2016-3308 corrupt win32k desktop heap

Use CVE-2016-3308 corrupt win32k desktop heap author : @55-AA, Sept 18, 2016 ##Introduction Desktop heap is a kernel pool used by win32k, it can be exploited by user-mode application Here I will describe in detail how to implement a reliable exploitation so that to read/write arbitrary address in kernel This writeup and associated analysis are done on a win7_sp1_x86(build 178

Windows Kernel Exploit cve-2015-0057 win81 下 uaf 漏洞。 MS16-098 win81 下整数溢出漏洞,漏洞利用关键字: Pool Overflow、Abusing Gdi Objects Analysis

bh-asia-16 A New CVE-2015-0057 Exploit Technology

翻译文章,CVE-2015-0057漏洞在32位和64位系统上的利用。Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit(Aaron Adams of NCC )

CVE-2015-0057漏洞在32位和64位系统上的利用 作者:Aaron Adams 翻译:55-AA 译注:本文部分地方采用了意译,如有疑问请参阅原文。 术语: 操作原语(primitive):类似于一个功能函数,是一系列腐蚀操作的集合,以完成一个完整的可重复利用的功能,如读取内存、写入任意数据等。 代序 今年早

Elevation of privilege detector based on HyperPlatform

EopMon Introduction EopMon is a hypervisor-based elevation of privilege (EoP) detector It can spots a process with a stolen system token and terminate it by utilizing hypervisor's ability to monitor process context-swiching While EopMon is tested against multiple EoP exploits carried out by in the wild malware (*1), it is rather meant to be an educational tool to demonst

Awesome Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Re

Awesome Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things There is no pre-established order of items in each category, the order is for contribution If you want to contribute, please read the guide Table of Contents Windows stack overflows Windows heap overflows Kernel based Windows overflows Windows Kernel Memory Corruption Re

noted

Windows stack overflows Stack Base Overflow Articles + Win32 Buffer Overflows (Location, Exploitation and Prevention) - by Dark spyrit [1999] + Writing Stack Based Overflows on Windows - by Nish Bhalla’s [2005] + Stack Smashing as of Today - by Hagen Fritsch [2009] + SMASHING C++ VPTRS - by rix [2000] ## Windows heap overflows Heap Base Overflow Articles + Third Generat

Recent Articles

Hacker kicks one bit XP to 10 Windows scroll goal
The Register • Darren Pauli • 12 Feb 2015

Screwy GUI carried dead code for 15 YEARS

Windows operating systems from XP to version 10 can be popped with a single bit, researcher Udi Yavo says. The hacker, formerly chief of the electronic warfare unit for Israeli defence contractor Rafael, detailed how the local privilege escalation vulnerability (CVE-2015-0057) fixed in this week's Patch Tuesday update could grant attackers total control of machines. "A threat actor that gains access to a Windows machine can exploit this vulnerability to bypass all Windows security measures, defe...