Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6128Improper Input Validation in Microsoft Windows Server 2008

CWE-20Improper Input Validation7 documents5 sources
Severity
7.2HIGHNVD
EPSS
41.6%
top 2.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Windows Server 2008
Timeline
PublishedDec 9
Latest updateMay 14

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-8w74-h3q4-jvrx: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privile2022-05-14

💥Exploits & PoCs

3
Exploit-DB
Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)2015-12-09
Exploit-DB
Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)2015-12-08
Metasploit
Office OLE Multiple DLL Side Loading Vulnerabilities

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - December 20152015-12-08
Talos
Microsoft Patch Tuesday - December 20152015-12-08