cbcvebase.
CVE-2015-0081
published 2015-03-11

CVE-2015-0081: Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1…

PriorityP270critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
23.76%
97.5th percentile
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftwindows_server_2008
microsoftwindows_server_2012

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://protekresearchlab.com/exploits/PRL-2015-03.rar
urlhttps://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36336.rar
  • The exploit file must be opened in WordPad — monitor WordPad (wordpad.exe) process spawning unexpected child processes or loading unusual DLLs as a detection vector.
  • The vulnerability is triggered via a crafted web site or file delivered to the victim — monitor for delivery of .rar or crafted document files exploiting Windows Text Services (WTS) memory corruption.
  • ·The vulnerability is described as 'unspecified' in technical detail — no specific memory corruption offset, shellcode, or binary signature is publicly documented beyond the PoC RAR file.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.