Cyber Resilience

CVE-2015-0016

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 13 January 2015

Published
13 January 2015
Modified
22 April 2026
KEV Added
25 May 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.9209 99.7th percentile
Risk Priority 91 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2015-0016 is a high-severity Path Traversal (CWE-22) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is a directory traversal flaw in the TS WebProxy (TSWbPrxy) component, tracked as CVE-2015-0016 with CWE-22. It affects Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1. The issue permits privilege escalation when a crafted pathname is supplied in an executable file, as demonstrated by an integrity-level transition from Low to Medium.

Remote attackers can exploit the flaw to escape the Internet Explorer sandbox and obtain elevated privileges on the target system. The CVSS 3.1 score of 7.8 reflects local attack vector, low complexity, no privileges required, and required user interaction, resulting in high impact to confidentiality, integrity, and availability.

Public exploit code and technical analyses have been published, including detailed walkthroughs of the IE sandbox escape technique and proof-of-concept files hosted on Exploit-DB and Packet Storm. Advisories from vendors such as Secunia reference the associated Microsoft bulletin for patch availability.

EU & UK References

Vulnerability details

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows…

more

remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."

CWE(s)
KEV Date Added
25 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 7
all versions
microsoft
windows 8
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt
all versions
microsoft
windows rt 8.1
all versions
microsoft
windows server 2008
r2
microsoft
windows server 2012
all versions, r2
microsoft
windows vista
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks the crafted pathname in the executable file that triggers the directory traversal in TSWbPrxy.

prevent

Enforces intended access restrictions on pathnames and integrity levels that the flaw otherwise bypasses to escalate from Low to Medium.

prevent

Limits the privileges an attacker can obtain even if the Low-to-Medium integrity transition succeeds via the traversal.

References