CVE-2015-0058

Microsoft Windows win32k.sys Dangling Pointer Privilege Escalation Vulnerability

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."

Vulnerabilidad de doble liberación en win32k.sys en los controladores del modo de kernel en Microsoft Windows 8.1, Windows Server 2012 R2, y Windows RT 8.1 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de la doble liberación del objeto del cursor de Windows.'

This vulnerability allows for elevation of privilege on vulnerable installations of Microsoft Windows. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
The specific flaw exists within the usage of Cursor objects. The issue lies in the failure to properly handle error conditions leading to a pointer not being reset. An attacker can leverage this vulnerability to raise privileges and execute code under the context of SYSTEM.

*Credits: n3phos

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-11-18 CVE Reserved
2015-02-10 CVE Published
2015-05-25 First Exploit
2024-08-06 CVE Updated
2024-09-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-415: Double Free

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/72468	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100432	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/37098	2015-05-25

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-010	2019-05-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"		-		Affected