High severity7.8CISA KEVNVD Advisory· Published Apr 21, 2015· Updated Apr 22, 2026

CVE-2015-1701

Description

Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."

Affected products

Microsoft/Windows 2003 Server2 versions
cpe:2.3:o:microsoft:windows_2003_server:r2:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_2003_server:r2:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*
Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Microsoft/Windows Server 2008
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Microsoft/Windows Vista
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-051nvdPatchVendor Advisory
www.exploit-db.com/exploits/37049/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/37367/nvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2020/May/34nvdMailing ListThird Party AdvisoryBroken Link
www.securityfocus.com/bid/74245nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032155nvdBroken LinkThird Party AdvisoryVDB Entry
www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.htmlnvdThird Party Advisory
twitter.com/symantec/statuses/590208710527549440nvdPress/Media Coverage
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.072
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060