CVE-2015-0002

Microsoft Windows 7 - Access Control

Title source: rule

Description

The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."

Exploits (2)

exploitdb WRITEUP VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/35661

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by James Forshaw, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ntapphelpcachecontrol.rb

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/99523

[Exploit] https://code.google.com/p/google-security-research/issues/detail?id=118

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/71972

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/99524

[Various Sources] http://www.zdnet.com/article/google-discloses-unpatched-windows-vulnerability/

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-001

[Various Sources] http://twitter.com/sambowne/statuses/550384131683520512

[Third Party Advisory] http://secunia.com/advisories/61277

Scores

EPSS 0.3820

EPSS Percentile 97.2%

Details

CWE

CWE-264

Status published

Products (8)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Published Jan 13, 2015

Tracked Since Feb 18, 2026