CVE-2015-1726

Microsoft Windows - Use-After-Free in Kernel-Mode Drivers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1726. PoCs published by Nils Sommer.

AI-analyzed exploit summary This exploit targets a use-after-free vulnerability in the Windows GDI component, specifically in the handling of brush objects. The PoC demonstrates reliable exploitation by referencing freed memory in the THREADINFO object, leading to potential privilege escalation.

Description

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nils Sommer · textdoswindows_x86

https://www.exploit-db.com/exploits/38269

View Code ZIP pw:eip

This exploit targets a use-after-free vulnerability in the Windows GDI component, specifically in the handling of brush objects. The PoC demonstrates reliable exploitation by referencing freed memory in the THREADINFO object, leading to potential privilege escalation.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows (specific versions affected by CVE-2015-1726)

No auth needed

Prerequisites: Access to a vulnerable Windows system · Ability to execute arbitrary code on the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38269/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032525

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061

Scores

EPSS 0.0336

EPSS Percentile 87.2%

Details

CWE

CWE-416

Status published

Products (12)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2003

microsoft/windows_server_2003 r2 sp2

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

... and 2 more

Published Jun 10, 2015

Tracked Since Feb 18, 2026