CVE-2015-6133

Microsoft Windows 8, 8.1, RT, RT 8.1, Server 2012, Server 2012 R2, and 10 - Privilege Escalation via Library Loading

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6133.

AI-analyzed exploit summary This Metasploit module exploits multiple DLL side-loading vulnerabilities in various COM components by embedding a malicious OLE object in a PPSX file. When opened, the file triggers the loading of a malicious DLL from the current directory, leading to arbitrary code execution.

Description

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."

Exploits (1)

exploitdb WORKING POC

rubylocalwindows

https://www.exploit-db.com/exploits/41706

View Code ZIP pw:eip

This Metasploit module exploits multiple DLL side-loading vulnerabilities in various COM components by embedding a malicious OLE object in a PPSX file. When opened, the file triggers the loading of a malicious DLL from the current directory, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (2007-2016) and Windows (Vista-10)

No auth needed

Prerequisites: Victim must open the malicious PPSX file from a directory containing the attacker's DLL

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034338

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-132

Scores

EPSS 0.5909

EPSS Percentile 98.3%

Details

CWE

CWE-264

Status published

Products (8)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

Published Dec 09, 2015

Tracked Since Feb 18, 2026