CVE-2015-0016

13.01.2015, 22:59

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_8	-
microsoft	windows_8.1	-
microsoft	windows_rt	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2012	-
microsoft	windows_vista	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/

http://packetstormsecurity.com/files/130201/MS15-004-Microsoft-Remote-Desktop-Services-Web-Proxy-IE-Sandbox-Escape.html

http://secunia.com/advisories/62076

http://www.exploit-db.com/exploits/35983

http://www.securityfocus.com/bid/71965

http://www.securitytracker.com/id/1031524

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-004

https://exchange.xforce.ibmcloud.com/vulnerabilities/99515

https://exchange.xforce.ibmcloud.com/vulnerabilities/99516

http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/

http://packetstormsecurity.com/files/130201/MS15-004-Microsoft-Remote-Desktop-Services-Web-Proxy-IE-Sandbox-Escape.html

http://secunia.com/advisories/62076

http://www.exploit-db.com/exploits/35983

http://www.securityfocus.com/bid/71965

http://www.securitytracker.com/id/1031524

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-004

https://exchange.xforce.ibmcloud.com/vulnerabilities/99515

https://exchange.xforce.ibmcloud.com/vulnerabilities/99516