CVE-2015-2528

Microsoft Windows 8-10 and Server 2012 - Privilege Escalation via Impersonation Level Mismanagement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2528. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages the CreateObjectTask scheduled task to instantiate the TileUserBroker COM object, allowing arbitrary file deletion via directory junction abuse. It targets Windows 8.1 Update and requires the target user to not have previously set an account picture.

Description

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/38201

View Code ZIP pw:eip

The exploit leverages the CreateObjectTask scheduled task to instantiate the TileUserBroker COM object, allowing arbitrary file deletion via directory junction abuse. It targets Windows 8.1 Update and requires the target user to not have previously set an account picture.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 8.1 Update

Auth required

Prerequisites: Local user access · Target user has not set an account picture · Windows 8.1 Update

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/38201/

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033494

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/159109/Microsoft-Windows-CloudExperienceHostBroker-Privilege-Escalation.html

Scores

EPSS 0.0359

EPSS Percentile 87.9%

Details

CWE

CWE-264

Status published

Products (11)

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

... and 1 more

Published Sep 09, 2015

Tracked Since Feb 18, 2026