CVE-2015-2524
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.
Vulnerabilidad en Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT Gold y 8.1 y Windows 10 no restringe adecuadamente los niveles de suplantación, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocida como 'Windows Task Management Elevation of Privilege Vulnerability,' una vulnerabilidad diferente a CVE-2015-2528.
The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is a diagnostic class for setting synchronization implemented in SettingSync.dll.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-19 CVE Reserved
- 2015-09-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1033494 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38202 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102 | 2019-05-14 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 8 Search vendor "Microsoft" for product "Windows 8" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Rt Search vendor "Microsoft" for product "Windows Rt" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | - |
Affected
|