⚠ Actively exploited
Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions..

CVE-2015-0016Path Traversal in Microsoft Windows Server 2008

CWE-22Path Traversal11 documents9 sources
Severity
7.8HIGHNVD
EPSS
92.1%
top 0.29%
CISA KEV
KEV
Added 2022-05-25
Due 2022-06-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedJan 13
KEV addedMay 25
KEV dueJun 15
CISA Required Action: Apply updates per vendor instructions.

Description

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-59ww-48gw-2fpx: Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP2022-05-14
VulnCheck
Microsoft Windows TS WebProxy Directory Traversal Vulnerability2015

💥Exploits & PoCs

3
Exploit-DB
SeaWell Networks Spectrum - Multiple Vulnerabilities2016-01-18
Exploit-DB
Microsoft Remote Desktop Services - Web Proxy IE Sandbox Escape (MS15-004) (Metasploit)2015-02-03
Metasploit
MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape

🔍Detection Rules

1
Suricata
ET EXPLOIT_KIT SunDown EK CVE-2015-0016 Sep 22 2016 (b643)2016-09-22

📋Vendor Advisories

1
CISA
Microsoft Windows TS WebProxy Directory Traversal Vulnerability2022-05-25

🕵️Threat Intelligence

3
Talos
Microsoft Update Tuesday January 2015: Another Light Month, No IE Bulletins, More Changes to Reporting2015-01-13
Talos
Microsoft Update Tuesday January 2015: Another Light Month, No IE Bulletins, More Changes to Reporting2015-01-13
Zscaler
Zscaler found Multiple Security Vulnerabilities | 01-13-2015