CVE-2015-2527

Windows 8, 8.1, RT, RT 8.1, Server 2012, 10 - Privilege Escalation via Win32k Impersonation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2527. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup details a security bypass in Windows 8.1 and Windows 10 (Build 10130) where NtUserGetClipboardAccessToken leaks access tokens to lower-privileged users. The vulnerability bypasses the fix for CVE-2015-0078 by exploiting the IsImmersiveBroker flag, which can be set by injecting a DLL into a signed Microsoft process like LicensingUI.exe.

Description

The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textlocalwindows
https://www.exploit-db.com/exploits/38199

The writeup details a security bypass in Windows 8.1 and Windows 10 (Build 10130) where NtUserGetClipboardAccessToken leaks access tokens to lower-privileged users. The vulnerability bypasses the fix for CVE-2015-0078 by exploiting the IsImmersiveBroker flag, which can be set by injecting a DLL into a signed Microsoft process like LicensingUI.exe.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Windows 8.1 Update, Windows 10 Build 10130
No auth needed
Prerequisites: Signed Microsoft executable (e.g., LicensingUI.exe) · Ability to inject DLL into the process
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033485
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76599
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-097
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38199/

Scores

EPSS 0.0704
EPSS Percentile 93.4%

Details

CWE
CWE-264
Status published
Products (7)
microsoft/windows_10
microsoft/windows_8
microsoft/windows_8.1
microsoft/windows_rt
microsoft/windows_rt_8.1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
Published Sep 09, 2015
Tracked Since Feb 18, 2026