CVE-2015-0016

HIGH KEV

Microsoft Windows 7 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/35983
metasploit WORKING POC GOOD
by Unknown, Henry Li, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms15_004_tswbproxy.rb

References (10)

Scores

CVSS v3 7.8
EPSS 0.9209
EPSS Percentile 99.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-25
VulnCheck KEV 2015-01-13
InTheWild.io 2015-01-13
ENISA EUVD EUVD-2015-0054
CWE
CWE-22
Status published
Products (9)
microsoft/windows_7
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_vista
Published Jan 13, 2015
KEV Added May 25, 2022
Tracked Since Feb 18, 2026