CVE-2015-2524

Microsoft Windows 10 - Access Control

Title source: rule

Description

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/38202

View Code ZIP pw:eip

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38202/

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033494

Scores

EPSS 0.1663

EPSS Percentile 94.9%

Details

CWE

CWE-264

Status published

Products (7)

microsoft/windows_10

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Published Sep 09, 2015

Tracked Since Feb 18, 2026