CVE-2015-1769

MEDIUM KEV

Microsoft Windows - Elevation of Privilege via Crafted USB Device Symlink Handling

Title source: llm

Exploitation Summary

CVE-2015-1769 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022. EIP tracks 1 public exploit from researchers including int0.

AI-analyzed exploit summary This repository provides a VHD file and batch script to reproduce CVE-2015-1769, a vulnerability in Windows Mount Manager involving symbolic link manipulation. The PoC triggers the vulnerability by mounting the VHD and inspecting system logs for blocked errors if patched.

Description

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."

Exploits (1)

nomisec WORKING POC 3 stars

by int0 · poc

https://github.com/int0/CVE-2015-1769

View Code ZIP pw:eip

This repository provides a VHD file and batch script to reproduce CVE-2015-1769, a vulnerability in Windows Mount Manager involving symbolic link manipulation. The PoC triggers the vulnerability by mounting the VHD and inspecting system logs for blocked errors if patched.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows Mount Manager (versions prior to patch)

Auth required

Prerequisites: Access to mount a VHD file · Local system access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

http://blogs.technet.com/b/srd/archive/2015/08/11/defending-against-cve-2015-1769-a-logical-issue-exploited-via-a-malicious-usb-stick.aspx

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-085

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033244

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1769

Scores

CVSS v3 6.6

EPSS 0.5740

EPSS Percentile 98.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-05-25

VulnCheck KEV 2015-08-11

InTheWild.io 2015-08-11

ENISA EUVD EUVD-2015-1899

CWE

CWE-264

Status published

Products (11)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 1 more

Published Aug 15, 2015

KEV Added May 25, 2022

Tracked Since Feb 18, 2026