CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2527

The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.186

EPSS Ranking 94.9%

CVSS Severity

CVSS v2 Score 7.2

References

Products affected by CVE-2015-2527

Microsoft » Windows 10 » Version: N/A

cpe:2.3:o:microsoft:windows_10:-
Microsoft » Windows 8.1 » Version: N/A

cpe:2.3:o:microsoft:windows_8.1:-
Microsoft » Windows 8 » Version: N/A

cpe:2.3:o:microsoft:windows_8:-
Microsoft » Windows Rt » Version: N/A

cpe:2.3:o:microsoft:windows_rt:-
Microsoft » Windows Rt 8.1 » Version: N/A

cpe:2.3:o:microsoft:windows_rt_8.1:-
Microsoft » Windows Server 2012 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2012:-
Microsoft » Windows Server 2012 » Version: r2

cpe:2.3:o:microsoft:windows_server_2012:r2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2527

Products

Pricing

Contact Us