CVE-2015-6132

Microsoft Windows 10 - Access Control

Title source: rule

Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

Exploits (3)

nomisec WORKING POC 15 stars

by hexx0r · poc

https://github.com/hexx0r/CVE-2015-6132

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Google Security Research · textremotewindows

https://www.exploit-db.com/exploits/38968

View Code ZIP pw:eip

exploitdb WORKING POC

rubylocalwindows

https://www.exploit-db.com/exploits/41706

View on exploitdb

References (3)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034338

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/38968/

Scores

EPSS 0.7300

EPSS Percentile 98.8%

Classification

CWE

CWE-264

Status draft

Affected Products (13)

microsoft/windows_10

microsoft/windows_10

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_server_2012

microsoft/windows_vista

Timeline

Published Dec 09, 2015

Tracked Since Feb 18, 2026