Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6133 — Microsoft Windows 10 vulnerability

CWE-2646 documents5 sources

Severity

7.2HIGHNVD

EPSS

59.1%

top 1.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Windows 10 Microsoft Windows Server 2012

Timeline

PublishedDec 9

Latest updateMay 14

Description

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windowsr2

▶NVDmicrosoft/windows_101511

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j35j-6vm2-m262: Microsoft Windows 8, Windows 8↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office - OLE Multiple DLL Side Loading Vulnerabilities (MS15-132/MS16-014/MS16-025/MS16-041/MS16-070) (Metasploit)↗2015-12-08

▶

Metasploit

Office OLE Multiple DLL Side Loading Vulnerabilities↗

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - December 2015↗2015-12-08

▶

Talos

Microsoft Patch Tuesday - December 2015↗2015-12-08

▶