Vendor: Windows 7
By: R136a1 / hfiref0x
CVSS: 7.2 (HIGH)
Type: Local Privilege Escalation
CWE: 264
Product Name: Windows 7
Affected Version From: Windows 7
Affected Version To: Windows 8.1
Patch Exists: YES
Related CVE: CVE-2015-1701
CPE: o:microsoft:windows_7::-:professional
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: x86, x64
2015

Win32k LPE vulnerability used in APT attack

This exploit is proof-of-concept code for a local privilege escalation vulnerability in the Windows kernel. The vulnerability was discovered by FireEye researchers and used in an APT attack. The exploit is based on a race condition in the win32k.sys system call NtUserSetWindowLongPtr(), which can be abused to gain SYSTEM privileges.

Mitigation:

Microsoft released a patch for this vulnerability in April 2015.

Exploit-DB raw data:

# Source: https://github.com/hfiref0x/CVE-2015-1701

Win32k LPE vulnerability used in APT attack

Original info: https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html

Credits
R136a1 / hfiref0x



## Compiled EXE:
### x86
+ https://github.com/hfiref0x/CVE-2015-1701/raw/master/Compiled/Taihou32.exe
+ Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37049-32.exe
### x64 
+ https://github.com/hfiref0x/CVE-2015-1701/raw/master/Compiled/Taihou64.exe
+ Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37049-64.exe

## Source Code: 
+ https://github.com/hfiref0x/CVE-2015-1701/archive/master.zip
+ EDB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37049-src.zip