CVE-2015-0016
Vexday Risk Score
100 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 75.9% · KEV: yes · Public PoC: yes · Nuclei: — · Metasploit: yes · Patch referenced
Lifecycle
13 Jan 2015 · Metasploit module available
13 Jan 2015 · Published on NVD
03 Feb 2015 · Public PoC
25 May 2022 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Windows' TS WebProxy component allows an attacker to bypass security restrictions by using specially crafted file paths, enabling them to gain higher privileges on the system. This is dangerous because it lets low-privilege users escalate their access without proper authorization.
Technical detail
Directory traversal vulnerability in TS WebProxy (TSWbPrxy) enables privilege escalation from Low Integrity to Medium Integrity context via maliciously crafted executable pathnames. The vulnerability exploits insufficient path validation, allowing remote or local attackers to circumvent integrity level restrictions and elevate privileges.
Summary generated and translated by AI from the official description.
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 3
cve_reference · packetstormsecurity.com/files/130201/MS15-004-Microsoft-Remote-Desktop-Services-Web-Proxy-IE-Sandbox-Escape.html · unverified
cve_reference · www.exploit-db.com/exploits/35983 · unverified
exploitdb · www.exploit-db.com/exploits/35983 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/
http://packetstormsecurity.com/files/130201/MS15-004-Microsoft-Remote-Desktop-Services-Web-Proxy-IE-Sandbox-Escape.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-004
http://secunia.com/advisories/62076
https://exchange.xforce.ibmcloud.com/vulnerabilities/99515
https://exchange.xforce.ibmcloud.com/vulnerabilities/99516
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0016
http://www.exploit-db.com/exploits/35983
http://www.securityfocus.com/bid/71965
http://www.securitytracker.com/id/1031524