Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0058Double Free in Microsoft Windows Server 2012

CWE-415Double Free6 documents5 sources
Severity
7.2HIGHNVD
EPSS
7.7%
top 8.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows Server 2012
Timeline
PublishedFeb 11
Latest updateMay 14

Description

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application, aka "Windows Cursor Object Double Free Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-cprx-2qp7-3rgm: Double free vulnerability in win32k2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Local Privilege Escalation (MS15-010)2015-05-25

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed2015-02-10
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015