CVE-2015-1674

Microsoft Windows < - Privilege Escalation

Title source: llm

Description

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."

Exploits (1)

exploitdb WORKING POC

by 4B5F5F4B · clocalwindows

https://www.exploit-db.com/exploits/37052

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74488

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032292

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-052

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/37052/

Scores

EPSS 0.0086

EPSS Percentile 75.2%

Details

CWE

CWE-254

Status published

Products (6)

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Published May 13, 2015

Tracked Since Feb 18, 2026