CVE-2015-2524

Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_8
-
microsoftwindows_8.1
-
microsoftwindows_rt
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1033494
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102
https://www.exploit-db.com/exploits/38202/
http://www.securitytracker.com/id/1033494
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-102
https://www.exploit-db.com/exploits/38202/