Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2554Microsoft Windows Server 2008 vulnerability

CWE-2646 documents4 sources
Severity
7.2HIGHNVD
EPSS
3.5%
top 12.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedOct 14
Latest updateMay 14

Description

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-8m22-qgcw-2mj3: The kernel in Microsoft Windows 8, Windows 82022-05-14

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation2018-06-20
Exploit-DB
Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)2015-10-30

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - October 20152015-10-13
Talos
Microsoft Patch Tuesday - October 20152015-10-13