Published: 11/02/2015 Updated: 14/05/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 2012 r2

// excpp /* Windows XP/2K3/VISTA/2K8/7 WM_SYSTIMER Kernel EoP CVE-2015-0003 March 2015 (Public Release: May 24, 2015) Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake <at> mail <dot> com */ #include "exh" _ZwAllocateVirtualMemory ZwAllocateVirtualMemory; ...

cve-2015-0058 Windows 81 local privilege escalation This repository contains the source code of zdi-15-030 which exploits a double free vulnerability in win32ksys and allows an attacker to gain SYSTEM privileges More can be read here: h30499www3hpcom/t5/HP-Security-Research-Blog/Just-another-day-at-the-office-A-ZDI-analyst-s-perspective-on/ba-p/6710637#VQxDRxDUsrM

CWE-415 http://www.securityfocus.com/bid/72468 https://exchange.xforce.ibmcloud.com/vulnerabilities/100432 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010 https://nvd.nist.gov https://github.com/n3phos/zdi-15-030 https://www.exploit-db.com/exploits/37098/

CVE-2015-0058

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect