CVE-2015-0016
critical-risk
Published 2015-01-13
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
Do I need to act?
!
92.1% chance of exploitation in next 30 days
EPSS score — higher than 8% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (9)
Affected Vendors
References (19)
Broken Link
http://secunia.com/advisories/62076
Broken Link
http://www.securityfocus.com/bid/71965
Broken Link
http://www.securitytracker.com/id/1031524
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99515
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99516
Broken Link
http://secunia.com/advisories/62076
Broken Link
http://www.securityfocus.com/bid/71965
Broken Link
http://www.securitytracker.com/id/1031524
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99515
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99516
73
/ 100
critical-risk
Severity
24/34 · High
Exploitability
34/34 · Critical
Exposure
15/34 · Moderate