CVE-2015-6173

Microsoft Windows - Local Privilege Escalation via Kernel Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6173. PoCs published by Nils Sommer.

AI-analyzed exploit summary This exploit triggers a use-after-free condition in win32k.sys on Windows 7 32-bit systems by manipulating bitmaps in the clipboard, leading to a kernel crash. Multiple executions and system activity may be required to reliably trigger the vulnerability.

Description

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6174.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nils Sommer · textdoswindows_x86

https://www.exploit-db.com/exploits/39027

View Code ZIP pw:eip

This exploit triggers a use-after-free condition in win32k.sys on Windows 7 32-bit systems by manipulating bitmaps in the clipboard, leading to a kernel crash. Multiple executions and system activity may be required to reliably trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: Microsoft Windows 7 32-bit (win32k.sys)

No auth needed

Prerequisites: Windows 7 32-bit with Special Pool enabled · Ability to execute arbitrary code on the target system

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-135

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1034334

Scores

EPSS 0.0328

EPSS Percentile 86.8%

Details

CWE

CWE-264

Status published

Products (12)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_rt

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

... and 2 more

Published Dec 09, 2015

Tracked Since Feb 18, 2026