CVE-2015-0016
Microsoft Windows TS WebProxy Directory Traversal Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
YesDecision
Descriptions
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
Vulnerabilidad de salto de directorio en el componente TS WebProxy (también conocido como TSWbPrxy) en Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a atacantes remotos ganar privilegios a través de un nombre de ruta manipulado en un fichero ejecutable, tal y como fue demostrado mediante una transición de integridad baja a integridad media, también conocido como 'vulnerabilidad de la elevación de privilegios del salto de directorio.'
Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-01-13 CVE Published
- 2015-01-13 First Exploit
- 2022-05-25 Exploited in Wild
- 2022-06-15 KEV Due Date
- 2024-07-03 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/62076 | Broken Link | |
| http://www.securityfocus.com/bid/71965 | Broken Link | |
| http://www.securitytracker.com/id/1031524 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99515 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/99516 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-004 | 2024-07-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Rt Search vendor "Microsoft" for product "Windows Rt" | - | gold |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | gold |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | sp2 |
Affected
| ||||||