CVE-2015-1674

Microsoft Windows < - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1674. PoCs published by 4B5F5F4B.

AI-analyzed exploit summary This exploit demonstrates CVE-2015-1674 by opening a handle to the CNG device and sending a crafted IOCTL request to trigger a local privilege escalation vulnerability in Windows.

Description

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."

Exploits (1)

exploitdb WORKING POC

by 4B5F5F4B · clocalwindows

https://www.exploit-db.com/exploits/37052

View Code ZIP pw:eip

This exploit demonstrates CVE-2015-1674 by opening a handle to the CNG device and sending a crafted IOCTL request to trigger a local privilege escalation vulnerability in Windows.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows (CNG.sys)

No auth needed

Prerequisites: Access to a vulnerable Windows system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032292

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37052/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74488

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-052

Scores

EPSS 0.0086

EPSS Percentile 75.6%

Details

CWE

CWE-254

Status published

Products (6)

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Published May 13, 2015

Tracked Since Feb 18, 2026